Extracted

Extracted

• • Target

    0x0008000000012326-139.dat

  • Size

    840KB

  • MD5

    4a1a271c67b98c9cfc4c6efa7411b1dd

  • SHA1

    e2325cb6f55d5fea29ce0d31cad487f2b4e6f891

  • SHA256

    3c33e130ffc0a583909982f29c38bffb518ae0fd0ef7397855906beef3cd993d

  • SHA512

    e9fc716c03a5f8a327ac1e68336ed0901864b9629dcfd0a32efe406cdfc571c1bd01012aa373d2ad993d9ae4820044963a1f4cd2ba7ebe5a4b53b143b7b7a2c2

  • SSDEEP

    24576:/kRkLis0EC5vKcYE52sYAt2rKzTmExr8:570nFNYwzTLxr8

  Score

  10^/10

  nymaimredlineytstealerevasioninfostealerminerstealertrojanupxsmokeloadernam6.2ruzki9backdoorpersistence

  • Detects Smokeloader packer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • Detectes Phoenix Miner Payload

    miner

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2