Extracted

Extracted

• • Target

    fbac8499f9b9374327cb08b0a19a09da2e26f464bf082708db77228a44277f0c

  • Size

    3.6MB

  • MD5

    a2c7a93f123d477aeb5cd0c87e95711f

  • SHA1

    d2159c9274e01d44217f04d7491a9ab899b6e1c2

  • SHA256

    fbac8499f9b9374327cb08b0a19a09da2e26f464bf082708db77228a44277f0c

  • SHA512

    ec89e133346ad53af32c584f27129cfd5d62d85b2990136f696b2dc3aba7b2919b3e30e8081b880fb219f694d56f3bb02eb03a8484f7c160ccee435f3aa21109

  Score

  10^/10

  amadeyfickerstealerevasioninfostealerthemidatrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Fickerstealer

    Ficker is an infostealer written in Rust and ASM.

    infostealerfickerstealer

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Executes dropped EXE

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2