Extracted

Extracted

Extracted

• • Target

    0514395a778941a5876251dd3d81ab440011d4e8847755e68ebed2fb05ae7307.exe

  • Size

    1.7MB

  • MD5

    54653af9a150e18cbafede01825b269b

  • SHA1

    d923abc1efc2623ffab48aa910101ee21e3cdb22

  • SHA256

    0514395a778941a5876251dd3d81ab440011d4e8847755e68ebed2fb05ae7307

  • SHA512

    81ae62a4d0d4524f4a7730e3a24864cb9f002ea61e9a384c31bcd41f0515b1ccc2f1e873906bbac96e1a9b98818dac4ad417d96cce21fe470f215ad4ae2fd7f2

  • SSDEEP

    24576:yydIrbu/YHX2v6ptVid2Esc2mWLDdsS7K54la77nCmK0Svr80TN0oiXyMhvjzWh:ZiqY32CptUXZ1YpK54U7zGDYeSBvjz

  Score

  10^/10

  amadeymysticredlinesmokeloaderhomedbackdoorevasioninfostealerpersistencestealertrojanupx

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1