amadey | 2848-32-0x0000000000800000-0x0000000000874000-memory[.]dmp | Triage

Sharing

General

Target

2848-32-0x0000000000800000-0x0000000000874000-memory.dmp
Size

464KB
MD5

db34119331a1d5bd3704b3a0d608baf4
SHA1

3d4ed41739252a067bbc2d551369339e13d3de80
SHA256

2ca90359af9b813d46ad18a021a64c1ccd612b8777b2f9ef2ae2d7259ba0abbb
SHA512

31e0cfd7205c8ba37465ebe034cf177c820b6f2f0ab5d617e65de677de06ea294e50b45b800d8876f40aae2141ed507dfa1ff78f9b63546c79269740a5311c72
SSDEEP

12288:Hj98bKozHw6UGa0WPp7XlcoMGXidhwmp5kM:mHwBhBbMUiIkk

Score

10^/10

8a680c amadey

Malware Config

Extracted

Family

amadey

Version

5.10

Botnet

8a680c

C2

http://62.60.226.15

Attributes

install_dir
f39a3c5206
install_file
Gxtuum.exe
strings_key
a1bf8674ebe6a09a1462faf683ebc122
url_paths
/8fj482jd9/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2848-32-0x0000000000800000-0x0000000000874000-memory.dmp

Files

2848-32-0x0000000000800000-0x0000000000874000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

hcj
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE