Overview

overview

10

Static

static

10

3060-404-0...ry.exe

windows7-x64

1

3060-404-0...ry.exe

windows10-2004-x64

3

3060-404-0...ry.exe

windows10-ltsc 2021-x64

3

3060-404-0...ry.exe

windows11-21h2-x64

3

Resubmissions

13-12-2024 22:02

241213-1x5yks1nar 10

21-11-2022 19:40

221121-ydj6naea78 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3060-404-0x0000000000400000-0x00000000005A3000-memory.dmp

  • Size

    1.6MB

  • Sample

    241213-1x5yks1nar

  • MD5

    010dfb80cddabf8b0d3430a5e8091840

  • SHA1

    b4c4f5a7df19db9a6408eb181b73f4d36286ca60

  • SHA256

    12e8ed79e6d8b87a5a324a0ccbb021cc8e11e03a2c4f3dcc88021018ad9978a0

  • SHA512

    bd3d9a0837c3ebcc478612c36496a322eb83ee196a5c4caceab527965ea37ad1165cf09e0d48cc2583a30fbc5e0032d96fb23b123c356c17baff9d8d0d41345c

  • SSDEEP

    6144:kR69jvgMRufd/piq5aIiS87fSujpjBeXuID:iKjmX5ag8+ujpjyu

Score
10/10
amadeyb83488

Malware Config

Extracted

Family

amadey

Version

3.50

Botnet

b83488

C2

http://193.56.146.174

Attributes
  • install_dir

    99e342142d

  • install_file

    rovwer.exe

  • strings_key

    c0fc1b559f0ce3c82595f015631379db

  • url_paths

    /g84kvj4jck/index.php

rc4.plain

Targets

    • Target

      3060-404-0x0000000000400000-0x00000000005A3000-memory.dmp

    • Size

      1.6MB

    • MD5

      010dfb80cddabf8b0d3430a5e8091840

    • SHA1

      b4c4f5a7df19db9a6408eb181b73f4d36286ca60

    • SHA256

      12e8ed79e6d8b87a5a324a0ccbb021cc8e11e03a2c4f3dcc88021018ad9978a0

    • SHA512

      bd3d9a0837c3ebcc478612c36496a322eb83ee196a5c4caceab527965ea37ad1165cf09e0d48cc2583a30fbc5e0032d96fb23b123c356c17baff9d8d0d41345c

    • SSDEEP

      6144:kR69jvgMRufd/piq5aIiS87fSujpjBeXuID:iKjmX5ag8+ujpjyu

    Score
    3/10
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks