amadey | 5020-3-0x0000000000B00000-0x0000000000FBA000-memory[.]dmp | Triage

Sharing

General

Target

5020-3-0x0000000000B00000-0x0000000000FBA000-memory.dmp
Size

4.7MB
MD5

789795016d29e848ae166249544053a6
SHA1

62c52635c2de643b645102d83d65e10f5cedb09b
SHA256

1f9980ee029eb87e05f115dbe2e1f369173558817085df0e36976b25478dfa05
SHA512

fb702d3a384ad6adc85ba4d55089ae6db7f0923d28764fcba1743fb0a002e477f2c4859299d8d7d9ec02a2f69d3cda3119a7bc6e0aec98993ef6cfef8b9d6ec3
SSDEEP

98304:yBiMiWLiKYQz/bw4b0M5e1I85VcSPVD5Hmaf++psONE:y3LRLw4bN2IMDPV9GNj

Score

10^/10

4dd39d amadey

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

4dd39d

C2

http://77.91.77.82

Attributes

install_dir
ad40971b6b
install_file
explorti.exe
strings_key
a434973ad22def7137dbb5e059b7081e
url_paths
/Hun4Ko/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5020-3-0x0000000000B00000-0x0000000000FBA000-memory.dmp

Files

5020-3-0x0000000000B00000-0x0000000000FBA000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 183KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nctxvtdg
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mihfloxn
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE