Extracted

• • Target

    mtk.exe

  • Size

    4.0MB

  • MD5

    0dbaff61a0d7eb35c23542fe980c8e30

  • SHA1

    a65bce229a1f0143c6f5c86a205da15d74652335

  • SHA256

    0771ddc1515150cf7bb2eaed7ce17db58bf1f3f963ec60b28e29266763c92594

  • SHA512

    d59cc95efbb06b98b32ab0f52596aad4cf8b72a2390cddee8237301ee284995421fe98aff13a967db34d49759feaeac51f76e23d4d49397ef81fb003075adfc7

  • SSDEEP

    49152:5hkVUncRtu1kPxXzEgDH/0nl0efk6e4Ath5+hY7hYKJ+NFK2Z0N/eEDNIGuWFlva:qxJDhlEF0N/e06Wrghxt

  Score

  10^/10

  amadeymimikatzneshtastrongpityevasionpersistenceransomwarespywarestealertrojanupx

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Contains code to disable Windows Defender

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Neshta payload

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • StrongPity

    StrongPity is a spyware developed by PROMETHIUM APT group mainly used in government sponsored attacks.

    stealerspywarestrongpity

  • StrongPity Spyware

  • UAC bypass

    evasiontrojan

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • mimikatz is an open source tool to dump credentials on Windows

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Winexe tool used by Sofacy APT in several incidents

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  behavioral1behavioral2