Extracted

Extracted

• • Target

    16507e0d31203c35d54e4deca192b4bb.exe

  • Size

    229KB

  • MD5

    16507e0d31203c35d54e4deca192b4bb

  • SHA1

    b25ab6686ff5fa410bc1b24fc123cc42bff78c27

  • SHA256

    1b91c65e1678d7a0101659f5509c60a879ac638e2958d16bfc4100b8b1d6c825

  • SHA512

    5eb3b9fde3360989c397c5c16fd3724f84f14658710fb0d6f03acf51d358df96a9cbdc0797b7af298f334c6898aacbd54bc524e38a1cad6584b260b7cf34d248

  • SSDEEP

    6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB

  Score

  10^/10

  amadeyauroraspywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

    stealeraurora

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2