amadey | 1192-242-0x0000000003650000-0x00000000036C1000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1192-242-0x0000000003650000-0x00000000036C1000-memory.dmp
Size

452KB
MD5

72e7c6f90d207c410106e5b374f02246
SHA1

18d6928a56322aa4291ee527159f6f67b5794528
SHA256

f6b44ec67e126ce8bdd3f87173b0e1fe02c16ee52e0a8f75adcb85177d7826e7
SHA512

97b948272a8b4d276685694171da4f59a41b34a2e623b7f63605452d56ee15d65e70831d0774fcdd210e4591da17fb3eaa86c626e83d223360379d8166148264
SSDEEP

6144:N1UQUeSfWTwXSM4iE2Txusr38KSBNGUZNLpv66e9JztOoi3KATIuV1gsNu+cljHn:LUecD4ousUN5Re9dHi36uVTNu+cvk5p

Score

10^/10

1176f2 amadey

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

1176f2

C2

http://185.215.113.19

Attributes

install_dir
417fd29867
install_file
ednfoki.exe
strings_key
183201dc3defc4394182b4bff63c4065
url_paths
/CoreOPT/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1192-242-0x0000000003650000-0x00000000036C1000-memory.dmp

Files

1192-242-0x0000000003650000-0x00000000036C1000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ