General

  • Target

    eff5fad47b9c739b09e760813b2bcbb0788eb35598f72e64ff95c794e72e6676.exe

  • Size

    431KB

  • MD5

    4962575a2378d5c72e7a836ea766e2ad

  • SHA1

    549964178b12017622d3cbdda6dbfdef0904e7e2

  • SHA256

    eff5fad47b9c739b09e760813b2bcbb0788eb35598f72e64ff95c794e72e6676

  • SHA512

    911a59f7a6785dd09a57dcd6d977b8abd5e160bd613786e871a1e92377c9e6f3b85fe3037431754bbdb1212e153776efca5fadac1de6b2ad474253da176e8e53

  • SSDEEP

    12288:JOKJim5EI9tVEw/JF4+D3q2IMbgiDK7mWasB:Jj9tL8ZMEiDfWb

Score
10/10

Malware Config

Extracted

  • Family

    amadey

  • Version

    5.10

  • Botnet

    0f3be6

  • C2

    http://185.81.68.147

    http://185.81.68.148

  • Attributes

    • install_dir

      ee29ea508b

    • install_file

      Gxtuum.exe

    • strings_key

      d3a5912ea69ad34a2387af70c8be9e21

    • url_paths

      /7vhfjke3/index.php

      /8Fvu5jh4DbS/index.php

    • rc4.plain

Signatures

  • Amadey family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • eff5fad47b9c739b09e760813b2bcbb0788eb35598f72e64ff95c794e72e6676.exe
    .exe windows:6 windows x86 arch:x86

    407b29a1346b818a12b66f58555063ce
