Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    5cd95da641157a66a3ea1da55e6fda54314ac0e6893071fef8609b345fcb5a7e

  • Size

    1.5MB

  • MD5

    080c52f6788b870d7593abf628e832e3

  • SHA1

    1eb8b642501e15a9378c8b17d150753c52c59e16

  • SHA256

    5cd95da641157a66a3ea1da55e6fda54314ac0e6893071fef8609b345fcb5a7e

  • SHA512

    f801937417bf5ed7441659a89d1a75600e69e729b64e88cf59d445f783f47c4ec332db93dc751d34d7dfaaf24532b4a9b6b4b1d64fbd637ed273e23a0fe377be

  • SSDEEP

    49152:9ejzb2X7OlNInZUU40+q+BFV46Zl3nhe6vN:0jzb2XClN9B09cj

  Score

  10^/10

  amadeygluptebaredlinesmokeloaderzgratgromekinzaup3backdoordropperevasioninfostealerloaderpersistencerattrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detect ZGRat V1

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    evasion

  • Stops running service(s)

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1