Extracted

Extracted

• • Target

    Setu_WINFile_x64x32/Set_WINFile_x64x32.exe

  • Size

    667.6MB

  • MD5

    42cf398e01cf3f15dc1575bad83b703f

  • SHA1

    d3556d724fb4fffdb256d2ceb6ae715d8663cd10

  • SHA256

    344e36cb4ec5e07ad74f5ee8122575f872048a698d058a9d02ffe4f15f88f810

  • SHA512

    8eb5b30cfb993d8bfaa8234b0f1856f81847ede0522c6cac7a2adaaaf9fb37119f7031c73a64ea6bec93aebf3695a380c38a999e7186323f2b0d6af954162d02

  • SSDEEP

    3072:eD6LUbp7KirwsT3cOHC4HIr0tr19ZyUa+zqBMxvKrf+LigBh2AGloxQNwed2tsp9:O6Awi0sTMOtH6crLdkWTpLedGEgGTMQt

  Score

  10^/10

  amadeyredlineinfostealertrojanupxspywarestealer

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2