General

  • Target

    b2142649.exe

  • Size

    224KB

  • MD5

    95c08c6bdade25e84a4536396760af3a

  • SHA1

    2135bdd1c6de0e38e5c5814f8aed95d26e7534a3

  • SHA256

    97756a3aba636c16c10852a994291250619678bc677fadbe358487d95309ecaa

  • SHA512

    bef843c0b30a149ba1fb702cd680fb3a4839429b44343124363324153ffa011ea27e512703e16456f3291932911a4d5dab58b76d0446cc502b6666caafe80ca7

  • SSDEEP

    3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.86

Botnet

88c8bb

C2

http://77.91.68.61

Attributes
  • install_dir

    925e7e99c5

  • install_file

    pdates.exe

  • strings_key

    ada76b8b0e1f6892ee93c20ab8946117

  • url_paths

    /rock/index.php

rc4.plain
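The config block above gives an analyst three immediately usable values: the C2 host, the url_paths entry it beacons to, and strings_key, which the extractor labels as an RC4 key (the "rc4.plain" field). The following Python is an added example for working with those values; it is not code from the sandbox report or from the malware itself. It assumes, which the page does not state, that strings_key is applied as its 32 ASCII bytes and that encrypted strings are stored hex-encoded; swap in real extracted blobs once that has been confirmed against the sample.

```python
from typing import Dict

# Configuration values copied from this report's Malware Config section.
CONFIG: Dict[str, str] = {
    "c2": "http://77.91.68.61",
    "url_path": "/rock/index.php",
    "strings_key": "ada76b8b0e1f6892ee93c20ab8946117",
}


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA followed by PRGA). The same call encrypts and decrypts."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation, XORed into the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_string(hex_blob: str, strings_key: str = CONFIG["strings_key"]) -> str:
    """Hex-decode an encrypted string and RC4-decrypt it with the config's strings_key.

    Assumption (not stated on the page): the 32-character key is used as its ASCII
    bytes, and encrypted strings are stored as hex text.
    """
    plain = rc4(strings_key.encode("ascii"), bytes.fromhex(hex_blob))
    return plain.decode("utf-8", errors="replace")


def encrypt_string(plaintext: str, strings_key: str = CONFIG["strings_key"]) -> str:
    """Inverse of decrypt_string; used here only to build constructed test vectors."""
    return rc4(strings_key.encode("ascii"), plaintext.encode("utf-8")).hex()


def c2_url(cfg: Dict[str, str] = CONFIG) -> str:
    """Join the C2 host and the url_paths entry into the full beacon URL to block or hunt for."""
    return cfg["c2"].rstrip("/") + cfg["url_path"]


def self_check() -> bool:
    """Validate the RC4 core against the well-known 'Key' / 'Plaintext' test vector."""
    return rc4(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"


if __name__ == "__main__":
    # Constructed round trip: encrypt the beacon URL with the report's key, then decrypt it.
    blob = encrypt_string(c2_url())
    print("rc4 self-check:", self_check())
    print("encrypted:", blob)
    print("decrypted:", decrypt_string(blob))
```

The self-check pins the cipher core to a public test vector before any sample-specific key is trusted; if a real extracted blob decrypts to garbage while the self-check passes, the key-handling assumption is what is wrong, not the RC4 implementation.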

Signatures

  • Amadey family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
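The "Unsigned PE" signature is a presence check: it looks at the PE security data directory and fires when no Authenticode certificate is attached. The following Python is an added example, not part of the sandbox report, that first confirms a file on disk matches the digests listed in the General section and then performs the same presence check by parsing the PE headers directly. The minimal PE32 header and the WIN_CERTIFICATE blob it builds are constructed test data, not the analysed sample.

```python
import hashlib
import struct
from typing import Dict, Optional, Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # index of the Authenticode data directory
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # wCertificateType of an Authenticode PKCS#7 blob

# Digests copied from this report's General section.
REPORT_DIGESTS: Dict[str, str] = {
    "md5": "95c08c6bdade25e84a4536396760af3a",
    "sha1": "2135bdd1c6de0e38e5c5814f8aed95d26e7534a3",
    "sha256": "97756a3aba636c16c10852a994291250619678bc677fadbe358487d95309ecaa",
}


def file_digests(data: bytes) -> Dict[str, str]:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, expected: Dict[str, str] = REPORT_DIGESTS) -> bool:
    """True only if every digest listed in the report agrees with the bytes on disk."""
    actual = file_digests(data)
    return all(actual[name] == value.lower() for name, value in expected.items())


def security_directory(pe: bytes) -> Optional[Tuple[int, int]]:
    """Return (file_offset, size) of the security data directory, or None if not a PE.

    Unlike every other data directory, this entry holds a raw file offset, not an RVA.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 4 + 20                          # optional header follows the 20-byte COFF header
    if opt + 2 > len(pe):
        return None
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                               # PE32: NumberOfRvaAndSizes at +92
        count_off = opt + 92
    elif magic == 0x20B:                             # PE32+: NumberOfRvaAndSizes at +108
        count_off = opt + 108
    else:
        return None
    if count_off + 4 > len(pe):
        return None
    count = struct.unpack_from("<I", pe, count_off)[0]
    if count <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)                                # directory table too short to hold the entry
    entry = count_off + 4 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    if entry + 8 > len(pe):
        return None
    return struct.unpack_from("<II", pe, entry)


def is_authenticode_signed(pe: bytes) -> bool:
    """Presence check only, matching the sandbox signature: a PKCS_SIGNED_DATA
    WIN_CERTIFICATE is attached. It does NOT validate the signature or its chain."""
    entry = security_directory(pe)
    if entry is None:
        return False
    offset, size = entry
    if offset == 0 or size < 8 or offset + size > len(pe):
        return False
    length, _revision, cert_type = struct.unpack_from("<IHH", pe, offset)
    return cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and 8 <= length <= size


def build_minimal_pe(cert: bytes = b"") -> bytes:
    """Constructed PE32 header (not the analysed sample) with an optional certificate appended."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                             # PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    header_len = len(dos) + 4 + len(coff) + len(opt)
    if cert:
        struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8, header_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


# Constructed WIN_CERTIFICATE: dwLength, wRevision 0x0200, PKCS_SIGNED_DATA type, 16 dummy bytes.
FAKE_CERT = struct.pack("<IHH", 8 + 16, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\x30" + b"\0" * 15


if __name__ == "__main__":
    for label, sample in (("unsigned", build_minimal_pe()), ("signed", build_minimal_pe(FAKE_CERT))):
        print(label, security_directory(sample), is_authenticode_signed(sample))
```

Two caveats when using this on real samples: a non-empty security directory proves only that a certificate blob is attached, not that the signature is valid or that the signer is trusted, so a "signed" result still needs a verification step; and because the check is done on raw header fields, it works on the dropped installer (pdates.exe) as well as the original file without executing either.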

Files

  • b2142649.exe
    .exe windows:6 windows x86 arch:x86

    698e68059e2b8538f873da69a2766d48

