General

  • Target

    c244daa7bc6cde90a0580dc905273e04e25fb34a0d5828b6212d47ba60eefcaa

  • Size

    5.6MB

  • Sample

    230108-xfgb4sed68

  • MD5

    390092727e31a3e32bc1a21d6bab5c91

  • SHA1

    9f645ab6f392334bb246ecfe02fd0b1580392047

  • SHA256

    c244daa7bc6cde90a0580dc905273e04e25fb34a0d5828b6212d47ba60eefcaa

  • SHA512

    4066c5304e79133247a5254bdcd9e8f93ee13dd926157303e858bb00d5ce375d24a79e7d36a6a4c3f6117fb183b869077b449f504b585dfc643edc6fd59f4a15

  • SSDEEP

    12288:cqcxdaubds9DyQCnxZtS5FnJizqLHzs0h+l71kMvBaOxkGkL:cqcza+oDyQC9Sz3kl3v1kG

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.65

  • C2

    77.73.134.27/8bmdh3Slb2/index.php

Extracted

  • Family

    vidar

  • Version

    1.8

  • Botnet

    494

  • C2

    https://t.me/year2023start

    https://steamcommunity.com/profiles/76561199467421923

  • Attributes

    • profile_id

      494

Extracted

  • Family

    socelars

  • C2

    https://hdbywe.s3.us-west-2.amazonaws.com/sadffew26/

Targets

    • Target

      c244daa7bc6cde90a0580dc905273e04e25fb34a0d5828b6212d47ba60eefcaa

    • Size

      5.6MB

    • MD5

      390092727e31a3e32bc1a21d6bab5c91

    • SHA1

      9f645ab6f392334bb246ecfe02fd0b1580392047

    • SHA256

      c244daa7bc6cde90a0580dc905273e04e25fb34a0d5828b6212d47ba60eefcaa

    • SHA512

      4066c5304e79133247a5254bdcd9e8f93ee13dd926157303e858bb00d5ce375d24a79e7d36a6a4c3f6117fb183b869077b449f504b585dfc643edc6fd59f4a15

    • SSDEEP

      12288:cqcxdaubds9DyQCnxZtS5FnJizqLHzs0h+l71kMvBaOxkGkL:cqcza+oDyQC9Sz3kl3v1kG

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Socelars payload

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks