Extracted

Extracted

Extracted

• • Target

    file.exe

  • Size

    356KB

  • MD5

    3ef6d0d9ca0bc4b00d304ee370853a4c

  • SHA1

    a188652de504e6e53a0f1560fcdd315a409d1ad1

  • SHA256

    8765a0a92fa60c2a4d21ca073dcf805f320c2e3d07703b97638b38888fe25d23

  • SHA512

    42b7375dca8da5c1cfa65bc0b8aef15155a5fea8ef1199ea0cd874693b3bd98d01d4cb4b38ed0fd7ef549ad8121ceea6c1d6c462d757793e3f21ceea0fcfbc5b

  • SSDEEP

    6144:rUyuwgfYypdScEGyH2VXisEYvo1JwgeDsizp7qdq:rUyuwgfYgSiyWVXzEYvoXwgeDseH

  Score

  10^/10

  amadeydanabotfabookiegluptebavidar4841d6b1839c4fa7c20ecc420b82b347bankerdropperevasionloaderspywarestealertrojanupxmicrosoftphishing

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Detect Fabookie payload

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Modifies boot configuration data using bcdedit

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    evasion

  • Possible attempt to disable PatchGuard

    Rootkits can use kernel patching to embed themselves in an operating system.

    evasion

  • Stops running service(s)

    evasion

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Legitimate hosting services abused for malware hosting/C2

  • Detected potential entity reuse from brand microsoft.

    phishingmicrosoft

  • Suspicious use of SetThreadContext

  behavioral1behavioral2