Extracted

Extracted

• • Target

    31dc62fe8c67bcf7de78a3c112142d6bd3cf9b5618763724c3517d538ba3ec85_JC.exe

  • Size

    1.7MB

  • MD5

    9b813267a35cefd3aee3a54fc0c29564

  • SHA1

    367fba7b9f9febcb0bbc518c4b3410a51beadfcf

  • SHA256

    31dc62fe8c67bcf7de78a3c112142d6bd3cf9b5618763724c3517d538ba3ec85

  • SHA512

    bd368e75f64807ec804a2f90737a1cb428740b9feb223b8820c27a4f82336e82db65e52b9eaf42631e8ea1742e42a2b0d63c966243cf95e085aa8ff96e6662fc

  • SSDEEP

    24576:WyeyRqsGJ6XovowX3ZPpMa/BplqsSWd3+2BMTGfgK4BPIlBdBKlN0TalS14ZK:lZ4/os/zJzqsSWdYACSal

  Score

  10^/10

  mysticevasionpersistencestealertrojanamadeyredlinefrantinfostealer

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2