amadey | 2544-3-0x0000000000150000-0x000000000061D000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2544-3-0x0000000000150000-0x000000000061D000-memory.dmp
Size

4.8MB
MD5

7e1bdb669a314a1ea35c6a84a0b86fa9
SHA1

2e423b484c74a6414e7e256f476a6818131c67d8
SHA256

098b7defe2a0317cea2f2023cacdb15967aa8206f9a4f591122b788c8a4d86a7
SHA512

efd28e7cc60f2fed262c19218623725e00c4a82b820554c639a317f52975c4f4f91c202437a69048535cf491f36776bdbddb1ea6c92db7ea3d6a5805f9a41e97
SSDEEP

98304:0h1OCZctNnXg9LT1XgUPZeoch05qxHg3BaxsnPZRPSeE4PG/XIg0e:0OKlwoch009gRacRPSetPG/Igl

Score

10^/10

fed3aa amadey

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes

install_dir
44111dbc49
install_file
axplong.exe
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
url_paths
/Jo89Ku7d/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2544-3-0x0000000000150000-0x000000000061D000-memory.dmp

Files

2544-3-0x0000000000150000-0x000000000061D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 183KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xhqvnrvf
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ksyfpezl
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE