General

  • Target

    e8b89aef89ca2d7eec790f81ad7fdcc7e869958ab2a4b0811bfd2dde8e84573c

  • Size

    210KB

  • Sample

    221031-js8egabbhq

  • MD5

    6ea2cb4357cf0d541f1aba088dd2148d

  • SHA1

    957381937647307cc3d249446447cae9542ba54b

  • SHA256

    e8b89aef89ca2d7eec790f81ad7fdcc7e869958ab2a4b0811bfd2dde8e84573c

  • SHA512

    d483321553f6c3c7052114c6c305d37d6f8bb4740b7cf63e721142572c4df3d3cc61e2814ef0705d7f249ada2b1d519b601af775a23dd83910117d8048b435de

  • SSDEEP

    3072:543GTiaNMNh/QN8YLKWvE6rX5B1vHBMfNvxCJxxnXdd9XiC0x:542TVeoN5LKWvEivhclI7/d30

Malware Config

Extracted

Family

redline

Botnet

slovarik15btc

C2

78.153.144.3:2510

Attributes

  • auth_value

    bfedad55292538ad3edd07ac95ad8952

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Detects Smokeloader packer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks