amadey | 2876-3-0x0000000000D60000-0x0000000001210000-memory[.]dmp | Triage

Sharing

General

Target

2876-3-0x0000000000D60000-0x0000000001210000-memory.dmp
Size

4.7MB
MD5

d7b47a2ef31a8deb91d2e7d023b8f3e3
SHA1

dc87c994d4749cca2dc1dfaf3adb83dc11fe3105
SHA256

5ee7ef381e2f0cd1f3c0a6c2e44b14f048c49695e42e3bd4989d29a0a600839b
SHA512

9209d404a084f25fe63740c9c95090a9b01546b87e8c7d1b545cf88c8e611810d5cdb9be36f216e34573c0f3f86b0d795bf0d8a9cf9275acd4622e0dcf9e62c3
SSDEEP

98304:3NphSte08Qfigz8dCJoNXszqmILUA/TdbeOJDg4hjhm0PsV374S:3NAXdXzqmILUA/TdbLO0g4

Score

10^/10

fed3aa amadey

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes

install_dir
44111dbc49
install_file
axplong.exe
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
url_paths
/Jo89Ku7d/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2876-3-0x0000000000D60000-0x0000000001210000-memory.dmp

Files

2876-3-0x0000000000D60000-0x0000000001210000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 183KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

utmwqwxy
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sljmaoda
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE