General

  • Target

    SecuriteInfo.com.Win32.MalwareX-gen.24464.28302.exe

  • Size

    416KB

  • MD5

    79875579217d38930dfe270fd7e14df1

  • SHA1

    64138d4d9e4e6615ae74083e14726bcd90e88ff9

  • SHA256

    3633b51985b6b9175755b0caad89fbcfd81aef6914aeb327ce2dedfb1f1c8b27

  • SHA512

    e52c0a297a36d11af497c1531427b8674c7f3de67cf277855e3685e5e5a28febb7effa68864b521b324c32b4fa253a394c1e05f7893847e4c7167d94fac6ccc3

  • SSDEEP

    6144:ZPUIrO0NCh31Alxujw54YsnLiO1ptnvT0lAkuW8GUi/83FrPKoTIf504AO4n2/jd:ZPUIrO0NChSlMw4vn7T0lAnW8BKhj

Score
10/10

Malware Config

Extracted

  • Family

    amadey

  • Version

    5.50

  • Botnet

    c3c3ff

  • C2

    http://196.251.85.220

Attributes
  • install_dir

    fd7d287510

  • install_file

    nudwee.exe

  • strings_key

    3872399e63d63a78b38475d9142cabc0

  • url_paths

    /E3jv8fS9b/index.php

rc4.plain

Signatures

  • Amadey family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • SecuriteInfo.com.Win32.MalwareX-gen.24464.28302.exe
    .exe windows:6 windows x86 arch:x86

    1e7280afbf80c2800b272220ce0718da

