Extracted

Extracted

• • Target

    0df316a92d290f75d5514aac98f103fd50488c4fddea761f5e15711ae292caea

  • Size

    1.1MB

  • MD5

    8340cbf4ef9057869a36252052ffc8e1

  • SHA1

    8c73e711ccf9318d092c507dd7b71b1690260830

  • SHA256

    0df316a92d290f75d5514aac98f103fd50488c4fddea761f5e15711ae292caea

  • SHA512

    3ee36fca63968ffa9cd5a2d8452c7e212474b89b99551a0637b9159dbe7ada921fc120678bcc765c34acf675fbec065a037a94186418255ef4ff52427e5fb442

  • SSDEEP

    24576:cyKQNVM5Q9PsZC6WxKCsMW3Mu5ZniHk8XTlXzioihKJ6:LhNqQpLJx23hiHkodmjE

  Score

  10^/10

  healerdropperevasionpersistencetrojanamadeymysticredlinedartsinfostealerstealer

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detect Mystic stealer payload

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2