amadey | 2972-3-0x0000000001100000-0x0000000001593000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2972-3-0x0000000001100000-0x0000000001593000-memory.dmp
Size

4.6MB
MD5

56058e47150edc2a4cbc3d91dd8f8e9d
SHA1

cb2eb8e7cecc74cd0e9c0b6945778b459faf6842
SHA256

11d1caacfe205bf9099091bc3b7525483f376bba182b15f14c4736d488d93a48
SHA512

4f35c58b14bc149ec3fed345be3765b6fba4e6ee7a53584808f04b80eecf44ec998187c9d932d74fe645d0cd55ba75c666e95ab4cb026b6a3a3ae8ab52128ee1
SSDEEP

98304:Crmg525FHqVMhKvMlsCrv3aa5J4oZPWTUh7/YZJZa3SD:CglLr3aa5J4iESrUZkO

Score

10^/10

49e482 amadey

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

49e482

C2

http://147.45.47.70

Attributes

install_dir
1b29d73536
install_file
axplont.exe
strings_key
4d31dd1a190d9879c21fac6d87dc0043
url_paths
/tr8nomy/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2972-3-0x0000000001100000-0x0000000001593000-memory.dmp

Files

2972-3-0x0000000001100000-0x0000000001593000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 182KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jsiaiybg
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rrudvlrz
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE