Extracted

Extracted

Extracted

• • Target

    b2cff0d377a724cadf0bf0d0e0e267172ac549f0ca1dc.exe

  • Size

    1.1MB

  • MD5

    455ae162b4b1a8e7d0a468a14449df24

  • SHA1

    5610c2357e753dd460b6ee619c5f153a96ef66b7

  • SHA256

    b2cff0d377a724cadf0bf0d0e0e267172ac549f0ca1dcf9d6c8e83e2fce737bd

  • SHA512

    defbcf32638a6c5bff584d50e619eebf3c4755a811dc556607205b67dc4c6492b0a1090da773893ea070109af8456b15b708e3910407baa9c0f5bd2175306f9a

  • SSDEEP

    24576:By/TVqFwGpgWI9zEhu7tH3lLG5dYXZd1qBdGAs5n2txU:0BqFt41LKOvQBdyc

  Score

  10^/10

  amadeyredlinesectopratghostworkermrpenguindiscoveryevasioninfostealerpersistenceratspywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2