Extracted

Extracted

• • Target

    file

  • Size

    430KB

  • MD5

    6a80d0a49a547e7634e6a3747d995ac8

  • SHA1

    1729530fa0f1897ce2927d04e61ef3d34b509711

  • SHA256

    9caecc47d2e4e9758cd72483a679ccbc2ba4c6bc7966fa82eccbca74404a457c

  • SHA512

    33dc9cfc6ab171068a31782a5e9d855d227a0e42eeef364131cf8fc52e8e7af165babff004b8db269d055e0c435a15f4016a09b9332330b3bbf80ca441d0438f

  • SSDEEP

    6144:Kny+bnr+9p0yN90QENZCuLS2EL02Nv//EOBRhwSSLuUl0SXmzbIvuvw1X767:9Mr1y90nYuO2P8bmSSLuMDuI767

  Score

  10^/10

  smokeloaderbackdoorpersistencetrojanamadeyhealermysticdropperstealer

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detect Mystic stealer payload

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2