amadey

Sharing

Copy URL

Twitter E-mail

General

Target

SetupSoft(x64,x32).zip
Size

15.7MB
Sample

230115-q6jrlafe75
MD5

1a9ebe6ad3898a27b9cd2789d0f53140
SHA1

fb74936f5d5766583845a8394d24ed663e77eb05
SHA256

b1a842303958fe6433b91b72bb6eb2fec34602cafe400e42ba42d591a5fbee47
SHA512

b816ba325b09c59d85af883b7f852fc2ebe47eb9a630cf34f6b4a92261b806a9abbaed7af9893adeab101395c3692e182c67925b1ca1a5cfcdf450f7887bc8d8
SSDEEP

393216:BMbqwFRlkPbN06xgfOgImO/4hXyUglCh+h6ICXAZ:BMbqwlkC6KfCmO/fvIG6xQ

Score

10^/10

Malware Config

Extracted

Family

redline

95.216.252.182:4279

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Extracted

Family

amadey

Version

3.65

83.217.11.7/8vcWxwwx3/index.php

Targets

- Target
  
  SetupSoft(x64,x32)/Resource files/AppXRuntime.admx
- Size
  
  3KB
- MD5
  
  88d794ea092ef395433cfa321d06e5e4
- SHA1
  
  f1f7c7dfbd04ac5a92cbde88bd4f087781d63c40
- SHA256
  
  5afc969e4212a6511f307385c99b8868e8c873183dc271bbb95ba571b24eb53e
- SHA512
  
  ebb770102b8202de4bb7319cbc2cda860e4de5d1e95f0fbef4d4890aa2b22cd48cf73909d028a37b507926b4fad573716fba16e50b8f9eca8d5feab00ac17cca
Score

1^/10
behavioral1
- Target
  
  SetupSoft(x64,x32)/Resource files/AuditSettings.admx
- Size
  
  1KB
- MD5
  
  9a36a7410b4ef98b36da553e050b9788
- SHA1
  
  4ba6e5225a7c5daf30f4947b9288b708e8e557e8
- SHA256
  
  ebac316580540b7ee8e399f890470527e456f2c6a103fcc899f4b2442d8e69f7
- SHA512
  
  7cd81f2bedde51bca3a1f5a0889870be71ef521e5c331f1c8ba4ce97bf604adfff6cafa0fe707ed55df62bc340c45baa189e3d07f20a466ee7254f3c6abe6b74
Score

1^/10
behavioral2
- Target
  
  SetupSoft(x64,x32)/Resource files/EventForwarding.admx
- Size
  
  1KB
- MD5
  
  ef4ad318ea464cde69829a9201d7d526
- SHA1
  
  a3b7cc6ebb70c45cd752121d0afa30a35b72c9d3
- SHA256
  
  8e3854b06f7dfef7c0e68e1258f1d33a4b888a97f075a5d25757fa987acb5704
- SHA512
  
  0abca7fa5c44572841fab002f19d05756f5566b8e3ce6d172662a37ae7053d9d0838639e2ec5843ec8d5c9c05205dc6dd150eb4f91ecebefef6afefb370d869b
Score

1^/10
behavioral3
- Target
  
  SetupSoft(x64,x32)/Resource files/ExternalBoot.admx
- Size
  
  2KB
- MD5
  
  ada14c9e12ebb088628c86ada31184e6
- SHA1
  
  a2578366538e3de9ea2c047372217a3ff3ff25fb
- SHA256
  
  4bd2d8e664271482adfdb53411298577d2bb7c5cf18a6fff30fd8f40abb17ff4
- SHA512
  
  147a0d77b2c8e66a97d22e62d15248fc93c0a82d8529628a9612c7aac7dc48ccb3ca8fda317ccc0372e0c9001e8cdf8fa8d12e47d84412df3ddee0b1bebbd93f
Score

1^/10
behavioral4
- Target
  
  SetupSoft(x64,x32)/Resource files/FileSys.admx
- Size
  
  6KB
- MD5
  
  499e7751b019078a8a997d67e8805686
- SHA1
  
  8d3bc566a990569dcd87a4862f4ea74b5a8d7696
- SHA256
  
  bc713bc684b0bdda9342da9fa7e36caf7f328f32915144c6eca49b674917df88
- SHA512
  
  0ccb75c55eeddfaaaf658087904bfca12c520d542789527e1248785ead66bf9f3de8478b2661814f549c6ec0bf8ebaefa1ec250199b1a6e3ccf95f6f60637d12
- SSDEEP
  
  192:sYl9Bi4JFLHTSRPTsOyA0VXAQsMAy5PVzRMS6l0TE:ztJFLHTSRPTsOylXgMf9zRMV2E
Score

1^/10
behavioral5
- Target
  
  SetupSoft(x64,x32)/Resource files/SkyDrive.admx
- Size
  
  2KB
- MD5
  
  a94642be85e83bd11fe2edc8ee57a052
- SHA1
  
  cce07bcc7dbe8bfef8f9397c8b6e76b96ddc9aa9
- SHA256
  
  da3489644a56924340c30ba06dca8d02ac68a772c1971ebeedfb07767ea6f1ee
- SHA512
  
  cfe4f318b08c3924c51eb679541b3a8d8d36cb47ffb5ebd9d979d254c1cba8782dfd8757f748944967392608dcc1775fdf82b9324b03481314b1f661a085b733
Score

1^/10
behavioral6
- Target
  
  SetupSoft(x64,x32)/Resource files/WinCal.admx
- Size
  
  1KB
- MD5
  
  bede56a7aef6b3db49ab7d2eb3f2870a
- SHA1
  
  bc18289b953a8ac6c0c8e519f72e6adee933ff98
- SHA256
  
  1fc29fc668043aa03ffeb2d61868d3369479c3cef2c4725d162cf5344dcbdcfa
- SHA512
  
  2bde0a5f1983b08379c262f86aadf8635834674981faf7feb3ebc39b12ece95b21203be82fde2fe88f6a662836374a7ac3d6fb8057d5273923259b3af206a3a6
Score

1^/10
behavioral7
- Target
  
  SetupSoft(x64,x32)/Resource files/WorkplaceJoin.admx
- Size
  
  1KB
- MD5
  
  4a94b4f104af2c09215eb52d7f84f748
- SHA1
  
  5c414d468a0b571ca9fec00364dd4e2a185dbe92
- SHA256
  
  5fabf5c534f78ce92bf7daa6d4ade2dd61002e689a8246928209bf38d7bf1bee
- SHA512
  
  971a7f298fb6ece17bd9e02d636988960b4955ed8c6e44d271f4405e06268b65db6ce396caeeb41113ef2d220418c7c0bd48f3dc5852de76331eec0307516af4
Score

7^/10
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral8
- Target
  
  SetupSoft(x64,x32)/Resource files/msched.admx
- Size
  
  2KB
- MD5
  
  96d22e893dfb610e2fcbf06487747388
- SHA1
  
  99a792caa380276f43687b2ac36f42585d642c77
- SHA256
  
  295ed67096dff66228e1069fe6f6435f829a7172983c49906f7ffd4a3e210cc0
- SHA512
  
  2bf1485d0e5907eab1d472364c35ba7eaf51f4a9cd3ddae64770fdcc3c8b2729a5d2e0684d058df7f8b9c5015ebdf7ffbc65c1a7fd9f402615164f66a40ea27c
Score

1^/10
behavioral9
- Target
  
  SetupSoft(x64,x32)/Resource files/wlansvc.admx
- Size
  
  1KB
- MD5
  
  5e91ab87cfcfaff4ee2df1de9f56aec9
- SHA1
  
  5e1cc79f0c019a2707b0a8c71016a0a29c2e0bf6
- SHA256
  
  683522392f9efbf5aa9ec0d494cc77f3b430bcb2aa93cda36002368ba9744b30
- SHA512
  
  3a4aff0419f8a0b1a92170cfd71bc1d06d40b4410b350d4071aedcbf9bab095fe8d0ea0d83bfa821d8ee9649c22a3786e29e60f0b8ad363ad04fc6a8a721d23c
Score

1^/10
behavioral10
- Target
  
  SetupSoft(x64,x32)/Resource files/wwansvc.admx
- Size
  
  2KB
- MD5
  
  d678fa20d6119e611d2866830fe02668
- SHA1
  
  93412a379b31d0b26a2a9fd3c2726ee42dc52ee3
- SHA256
  
  a9e3a282b770c3a69078f3f87ce3251aee637a6458874f0f813dbca51f35d70b
- SHA512
  
  f6133cac994b513ecb05c8cf8009d05b3c4163b08c9eeeea728a0634b3620085edd479be227b351e77249f7486079e445949c26b6f9e8577dcda8ef753c5ee0a
Score

1^/10
behavioral11
- Target
  
  SetupSoft(x64,x32)/Setup_Soft.exe
- Size
  
  734.1MB
- MD5
  
  9d31e17b11395dc9b2e23b735e3fdb66
- SHA1
  
  163fa32c8564013c91caad6801c77b54df758f04
- SHA256
  
  94f41bb3d9a7a8b5e0fd58ad4e334d2c923a45cfb42a633b505bd94be8b2c127
- SHA512
  
  72fbe9173abb065f20409ce23ce3d3cc6af94468bfae9267926e6acb4203dc5d6fb7bac347c4c5d4ddb91aeff079bb3d87bbb3b2a355310723d6c76e4188b6dd
- SSDEEP
  
  98304:Y5I5x3omArylYOI5CAaT+dPas2Yv0zcBWc1fldTRwaykXf1DO4:15xqyoaT+dPB2mwq7T5bXf7
Score

10^/10

amadey dcrat redline smokeloader backdoor infostealer rat spyware stealer trojan upx
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral12
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/amd64/bhkspex.x64
- Size
  
  103KB
- MD5
  
  d78686b8130fec68e1a75cec4d2962ae
- SHA1
  
  1816da02e7f8f678b11e4152d56b8af9a9c10469
- SHA256
  
  051be9377f04204ec5df434c451231bceca75b04c230b229160b3e27acfc4484
- SHA512
  
  883b89182b48018eea8d9dc77e65fadb769545579f175b5f4360f8d30669f32f748165310609b46c0bfdb628789b089f405aa94cc0a61d4221b83700706bdc44
- SSDEEP
  
  3072:p8N/5h8XgEu5C2QltfiNW/cp/gi/uRcEgZF0IIRlVNgZ:hmgi2RcEgHIRV
Score

8^/10

persistence
- Registers COM server for autorun
  persistence
behavioral13
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/amd64/cx2310x.sys
- Size
  
  216KB
- MD5
  
  93753476d7b6790c9fbfac910c142c11
- SHA1
  
  607cfecfc118f8954f0be370d0ee10d3c9d09933
- SHA256
  
  661f1dce09341ee40a3d617c99a20621afbfb37cd07620f073b6f9f4d4d37223
- SHA512
  
  3a9d2e99b39a5aa1ee83da5d6f6262c423870f14f9bd540afbbd8436b76659aa07269d0d9a300673fa8e8fdcff3b1890a20e296efb1d72cb26ec4d7ab933cbb8
- SSDEEP
  
  6144:WFCF7rD3jjUOjAxph/vkvFpekXbBfe3M7jh:WG7njIO0OoM7
Score

1^/10
behavioral14
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/amd64/cxpolir.sys
- Size
  
  23KB
- MD5
  
  14b1f224d99fa6d8cf448385d86d2875
- SHA1
  
  bf8b149846efdfa85f9d78b34b2e2ad88e54d547
- SHA256
  
  bb120924de0b6797959114b5d038d664d685180a2808ef8784fb095b3b9d1f37
- SHA512
  
  4d00bef1f7c18d2905cdcb4c38502e8425429f397b27a6fa6a924da5bc8b76422c7edb849aeac572f9db3fe84422593977f5fe623d2f42c2ec9717b14d9c26fe
- SSDEEP
  
  384:aZo9kSMo+Bk553pBZ5vz8tQ/vs3CkwlhMbGLEake5YoynmecT+dLC0Hku9Msaabm:66t4pwlhH2e5VymecTfCkmZaaT
Score

1^/10
behavioral15
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/amd64/saa713x.sys
- Size
  
  399KB
- MD5
  
  4cb28358ff510b7796e5e9cf71a0471c
- SHA1
  
  f6a9ea73c03cb113e11fd11d2ad2fe837b57d7a6
- SHA256
  
  34d2588afa647c8551c8b802b57fda9267d586220a681f6a8608207fb5d633fb
- SHA512
  
  ec7cf5a34ae456317fd218c171921140a3ac5f8401582e4dc2a7441266c801adf0b87149a3f16410751896a7e5b7e9c60c677da356d962cf16bb0d81ae9f3bc3
- SSDEEP
  
  6144:82Bst7v0r27zglvR3VgGtNVPr4OhYddyID:nBspa27MVdmOoD
Score

1^/10
behavioral16
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/amd64/saa7231.sys
- Size
  
  281KB
- MD5
  
  eea0ccd8d1aa603d9f5a7136195db860
- SHA1
  
  609b6c6dd32c3be1ce59ac245224ede5503480c6
- SHA256
  
  f6b5cefbd2d36f0c42fd25f8fb8b5807fdc0a87bab299d9f3da65cc460e7a954
- SHA512
  
  9bce0ef582a37e1662a60035436a37fd03b6514385a4d2cbb1d77847ce5e5d1de3427200e577db4af3358bfff3dd866a150a38720692e4cc6aa464517ac735d8
- SSDEEP
  
  6144:xvsk/i5Dqi2l6C7SBvvEvFpuEHLxu/9J6z/:Vsk/q+uj6z/
Score

1^/10
behavioral17
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/amd64/ttm6010.sys
- Size
  
  160KB
- MD5
  
  216a6873a34eb96db27668f2128abce9
- SHA1
  
  ee6f09b88c003714e50c2783e15c770874e1cfd3
- SHA256
  
  04f0f0d6ab22c6fd100e3e3277e54f0f9852b7a2251d1bd8f94befd55fae351a
- SHA512
  
  c0e858ae1a0fa94a188d2be3bd4a2671ec4cfcaca206ee86bcfa17f7c98325e6150dec10a8a6b9654e33d1ec1a88bc116dcaa24cd1c7bb5f9974dee72184df5f
- SSDEEP
  
  3072:hVhoEmXJ0beoQrW+7bmvSZgRCxvYd9VEjx9YHSc:hVhoEJioQDmaCCxvQVEjxGH
Score

1^/10
behavioral18
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/bhkspex.dll
- Size
  
  86KB
- MD5
  
  99bb8bd22f57a326ec870207c83a2d49
- SHA1
  
  7e5f81b90538879d9f444cd8661cdb3b0e357d3b
- SHA256
  
  98ef16b6fb497105d0cc4e99f445f2053b65550d594d0368316fe6898d03093f
- SHA512
  
  d114f4f012a852daf0783a073b0568385c5f8057052caa4072f84a142c80a67bc377fd46afd3ae71e1d50ba4786fd787e6fca6130d3a9dd49bb2fef8ab52ac62
- SSDEEP
  
  1536:FI/pZpTtdBtNKzvlSCCWawLhn2KwjAlsH3tsySGERzNvNhCZ0A:sZpTtdBtNKzvlSCesnmjL3tsySGERzVk
Score

1^/10
behavioral19
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/bhkspex.x64
- Size
  
  103KB
- MD5
  
  d78686b8130fec68e1a75cec4d2962ae
- SHA1
  
  1816da02e7f8f678b11e4152d56b8af9a9c10469
- SHA256
  
  051be9377f04204ec5df434c451231bceca75b04c230b229160b3e27acfc4484
- SHA512
  
  883b89182b48018eea8d9dc77e65fadb769545579f175b5f4360f8d30669f32f748165310609b46c0bfdb628789b089f405aa94cc0a61d4221b83700706bdc44
- SSDEEP
  
  3072:p8N/5h8XgEu5C2QltfiNW/cp/gi/uRcEgZF0IIRlVNgZ:hmgi2RcEgHIRV
Score

8^/10

persistence
- Registers COM server for autorun
  persistence
behavioral20
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/cx2310x.sys
- Size
  
  163KB
- MD5
  
  2da76725622c052da858f3a6765f124b
- SHA1
  
  06e8179916e5546da86e6b34ceafa82d32f4d707
- SHA256
  
  455c77df2f51eb8ec5e12f98a6ea2b783c3097635fe9343d8ec593c3c81d18ea
- SHA512
  
  b36694b9079ea4ae6103f5106069240ee563a27b06effbdf19b39b80435db1c0812c4499f1bda70ffd260f3e13778487657ad14ff5255c735303fe3dcd5ab087
- SSDEEP
  
  3072:fOMZ7TRsp0BTQpstZ2lkdKyuTyIEYAItyauA:fbZPR3+p6Zf3YAIc
Score

1^/10
behavioral21
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/cxpolir.sys
- Size
  
  21KB
- MD5
  
  fa92979513968901734bf63801f7674a
- SHA1
  
  c93bf660c96276378a493beb93a5f273ef248863
- SHA256
  
  363d745974a2f2ef265b2ec070a01dad71265be993a2eacf7d0c9c8c909ec991
- SHA512
  
  713a81992e78d24fc5dc8b1f1f8975086be0f388bf943cf59996e1e4af0d88ee4e10fbf4b9c893a38313d31730cfe9d60d323c55aa14c09cddbfd8da72ead835
- SSDEEP
  
  384:VVuH11c3s0TrafD7rH1XUAV0RC5KuzNvvx0UOSaCKaFW7zQNnfiO5KQ:VVWM80SffTd7VgC5KuB/d0aq
Score

1^/10
behavioral22
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/i386/bhkspex.dll
- Size
  
  86KB
- MD5
  
  99bb8bd22f57a326ec870207c83a2d49
- SHA1
  
  7e5f81b90538879d9f444cd8661cdb3b0e357d3b
- SHA256
  
  98ef16b6fb497105d0cc4e99f445f2053b65550d594d0368316fe6898d03093f
- SHA512
  
  d114f4f012a852daf0783a073b0568385c5f8057052caa4072f84a142c80a67bc377fd46afd3ae71e1d50ba4786fd787e6fca6130d3a9dd49bb2fef8ab52ac62
- SSDEEP
  
  1536:FI/pZpTtdBtNKzvlSCCWawLhn2KwjAlsH3tsySGERzNvNhCZ0A:sZpTtdBtNKzvlSCesnmjL3tsySGERzVk
Score

1^/10
behavioral23
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/i386/cx2310x.sys
- Size
  
  163KB
- MD5
  
  2da76725622c052da858f3a6765f124b
- SHA1
  
  06e8179916e5546da86e6b34ceafa82d32f4d707
- SHA256
  
  455c77df2f51eb8ec5e12f98a6ea2b783c3097635fe9343d8ec593c3c81d18ea
- SHA512
  
  b36694b9079ea4ae6103f5106069240ee563a27b06effbdf19b39b80435db1c0812c4499f1bda70ffd260f3e13778487657ad14ff5255c735303fe3dcd5ab087
- SSDEEP
  
  3072:fOMZ7TRsp0BTQpstZ2lkdKyuTyIEYAItyauA:fbZPR3+p6Zf3YAIc
Score

1^/10
behavioral24
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/i386/cxpolir.sys
- Size
  
  21KB
- MD5
  
  fa92979513968901734bf63801f7674a
- SHA1
  
  c93bf660c96276378a493beb93a5f273ef248863
- SHA256
  
  363d745974a2f2ef265b2ec070a01dad71265be993a2eacf7d0c9c8c909ec991
- SHA512
  
  713a81992e78d24fc5dc8b1f1f8975086be0f388bf943cf59996e1e4af0d88ee4e10fbf4b9c893a38313d31730cfe9d60d323c55aa14c09cddbfd8da72ead835
- SSDEEP
  
  384:VVuH11c3s0TrafD7rH1XUAV0RC5KuzNvvx0UOSaCKaFW7zQNnfiO5KQ:VVWM80SffTd7VgC5KuB/d0aq
Score

1^/10
behavioral25
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/i386/saa713x.sys
- Size
  
  297KB
- MD5
  
  e954d8ded14b5dbfadb1d2689eac721e
- SHA1
  
  5fdee17a5423ee3e6dcd8a02e3331c8228a2920c
- SHA256
  
  9bf0be053a3d5ddf998c57c5e65c3c15bd967619b6da7e28a0d4050b0bf5d7a8
- SHA512
  
  2c971a3316948cbbc1ea46c15ad36c37c4647de98be0ef46a770b093e352f340d7e25a3e636988de9a1a4b6203a6ce443d8e7237f716b9fcea415efb6c54533b
- SSDEEP
  
  6144:4eYecihTQjRHCF31ZYNS+UGNSq2OIp/p/Z5prN6ZuZqe+YKM85vA:3YfihTQ1CmoMSVL0ZCqe+jS
Score

1^/10
behavioral26
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/i386/saa7231.sys
- Size
  
  212KB
- MD5
  
  07dccd8ab55c9232f74e6c5c06014bc7
- SHA1
  
  e82233280c8e77ada8378ac63e10e1dd53b612cc
- SHA256
  
  6f2ee9cbef0a73d1694f47b0ff9a834cc995c5cced50f125a185139d56f041f2
- SHA512
  
  7a0083c58eeaa1e6323352c4b0a5ff3e74acfa1c95adbdec2e81765628a96e1adea7d8ab2c783463940135c239df46f2d449bf0fbf369daa97a3832684739a85
- SSDEEP
  
  3072:S25I9OOS0/p9nS7qOhr7t4LNoXHGzFHLeSCjauQk8CvHuxme/+Y9:SsIdt/LSZr7rGzFHLerjXQk8CC/N
Score

1^/10
behavioral27
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/i386/ttm6010.sys
- Size
  
  126KB
- MD5
  
  a9c812e74e8dd28339a3371639e2f8cf
- SHA1
  
  77e2461d0793f2faf9207b9856811dcca4c24c6c
- SHA256
  
  e27890ced6f30db316766e8d09b3760e16e1219f3db97a6edd08910d718020b2
- SHA512
  
  76b328002006d36c08690f3692878a9e937142b68d6d0f46e1d8bebfd0e4803f27f94b69be6435368bfc248eff88d61115f0f03a0ac31833bf77851afe2d3000
- SSDEEP
  
  3072:hTlBPcOfY6aTiwR1TJfUPAXUk8TYLEhw6IkQviv:hTDfAx1VfiYazU
Score

1^/10
behavioral28
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/install.x64
- Size
  
  82KB
- MD5
  
  6e2f0fb48b31b2af53be3ab282b1a0b8
- SHA1
  
  53ba15cd2e3e0b12fbe12e12a141151099e797e0
- SHA256
  
  a809633d67b6b5ac9983ab8b95db2d2fab9c09285bb619c8aa253c96ac1ceb5d
- SHA512
  
  0aa789037f55de8f8556d1edcb8942db29b387551b8c13724f9ea06f9c8c427f43eb7bc4414fc2a41d8c357c99b9eba9307825cbf9ac0985d0bfac4f5d4c84e2
- SSDEEP
  
  768:GfPeO+ImVbCz1gPog7vtADmWF9yF0efV6C20k5IEBNfoRmaz4XGl2pO+5:KPeRImtb3WeFPfV6CfkTBK9EWP+5
Score

1^/10
behavioral29
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/saa713x.sys
- Size
  
  297KB
- MD5
  
  e954d8ded14b5dbfadb1d2689eac721e
- SHA1
  
  5fdee17a5423ee3e6dcd8a02e3331c8228a2920c
- SHA256
  
  9bf0be053a3d5ddf998c57c5e65c3c15bd967619b6da7e28a0d4050b0bf5d7a8
- SHA512
  
  2c971a3316948cbbc1ea46c15ad36c37c4647de98be0ef46a770b093e352f340d7e25a3e636988de9a1a4b6203a6ce443d8e7237f716b9fcea415efb6c54533b
- SSDEEP
  
  6144:4eYecihTQjRHCF31ZYNS+UGNSq2OIp/p/Z5prN6ZuZqe+YKM85vA:3YfihTQ1CmoMSVL0ZCqe+jS
Score

1^/10
behavioral30
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/saa7231.sys
- Size
  
  212KB
- MD5
  
  07dccd8ab55c9232f74e6c5c06014bc7
- SHA1
  
  e82233280c8e77ada8378ac63e10e1dd53b612cc
- SHA256
  
  6f2ee9cbef0a73d1694f47b0ff9a834cc995c5cced50f125a185139d56f041f2
- SHA512
  
  7a0083c58eeaa1e6323352c4b0a5ff3e74acfa1c95adbdec2e81765628a96e1adea7d8ab2c783463940135c239df46f2d449bf0fbf369daa97a3832684739a85
- SSDEEP
  
  3072:S25I9OOS0/p9nS7qOhr7t4LNoXHGzFHLeSCjauQk8CvHuxme/+Y9:SsIdt/LSZr7rGzFHLerjXQk8CC/N
Score

1^/10
behavioral31
- Target
  
  SetupSoft(x64,x32)/Uses of Additional Files/WinAll/BeholdTV/ttm6010.sys
- Size
  
  126KB
- MD5
  
  a9c812e74e8dd28339a3371639e2f8cf
- SHA1
  
  77e2461d0793f2faf9207b9856811dcca4c24c6c
- SHA256
  
  e27890ced6f30db316766e8d09b3760e16e1219f3db97a6edd08910d718020b2
- SHA512
  
  76b328002006d36c08690f3692878a9e937142b68d6d0f46e1d8bebfd0e4803f27f94b69be6435368bfc248eff88d61115f0f03a0ac31833bf77851afe2d3000
- SSDEEP
  
  3072:hTlBPcOfY6aTiwR1TJfUPAXUk8TYLEhw6IkQviv:hTDfAx1VfiYazU
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Unexpected DNS network traffic destination

DcRat

Detects Smokeloader packer

RedLine

SmokeLoader

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Registers COM server for autorun

Registers COM server for autorun

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32