Extracted

Extracted

• • Target

    48a3fbcc0f4c9649eeb3e94e532de3b50f11e0221a4e1089758ae2cca1348ffa.exe

  • Size

    1.5MB

  • MD5

    7f5f4a01766ce8e3a62e2500295b4f62

  • SHA1

    207274b60050750baf6acf9ed6ccc0f5190060eb

  • SHA256

    48a3fbcc0f4c9649eeb3e94e532de3b50f11e0221a4e1089758ae2cca1348ffa

  • SHA512

    5530031af67a5da6342a989cee9ebfb9551e83bbf7a5914ea388aff4ef7435935c3ae4a15600578d0a2c1cce37472f3f8a20c4a7e31e510a6379fb780c8ad223

  • SSDEEP

    49152:6jh3gXlMsVdcsGlohngjhJflpaywgGxWIQ72:e3+lMsVdTG6ngdPpaywNxW2

  Score

  10^/10

  amadeymysticredlinesmokeloadergromebackdoorevasioninfostealerpersistencestealertrojanupx

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1