amadey | 2032-439-0x0000000000400000-0x0000000000471000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2032-439-0x0000000000400000-0x0000000000471000-memory.dmp
Size

452KB
MD5

2e074b536b21794f882ec3f64d626f2a
SHA1

645a79c27cddc78d18afb553f7f0cf6ee8707613
SHA256

c8b47d5d41990c4e289efca46853d7c2146b18ab12289b55655eab4190a5e2c7
SHA512

bfebb8f715b29966e12abc0f71719bd73f4d17ee3fca799fe4e5e339eca16a3183f984bb099afaba30570d19f26be09470dd4fd0bf760ccd34d30a5777e5f7eb
SSDEEP

6144:31YnIct+B6NxMYE4+Sx9SY5pkUM7LOM/9HtlcyKZrr02e7wufA5oVt1ZuWu1KBF/:0IGxJECSYCLTxKZn1e7C5oVnZuWu3p

Score

10^/10

1176f2 amadey

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

1176f2

C2

http://185.215.113.19

Attributes

install_dir
417fd29867
install_file
ednfoki.exe
strings_key
183201dc3defc4394182b4bff63c4065
url_paths
/CoreOPT/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2032-439-0x0000000000400000-0x0000000000471000-memory.dmp

Files

2032-439-0x0000000000400000-0x0000000000471000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ