General
-
Target
r2.zip
-
Size
9.8MB
-
Sample
240509-wc83aahf33
-
MD5
1b2db937b94746dfea7bf3abe2e394e5
-
SHA1
a278b4fe5358ef6a52d0258deb2560fae65c185e
-
SHA256
9805f81a13aaa68a2026a38b70b1fdd1d76fee0ff63916c669d728c6e4dc3b7e
-
SHA512
6d5be98ab203bd78e46f351fd601316c8f6dd95b643b6be7922c60129233e71b7038d8dda27308c2f05e474e8f97db1266604c31d5b9060d5ef21113c8ac3ca4
-
SSDEEP
196608:biG3mBoHVso5pRYhKSVRwv9elUNbksgBcNCreo8uSlrUbQm+sQEIDPBCFHWCVHL:bMoJpSKE69eiNIBUZLlrpm+/D2WC9
Malware Config
Extracted
amadey
3.85
http://77.91.68.3
-
install_dir
3ec1f323b5
-
install_file
danke.exe
-
strings_key
827021be90f1e85ab27949ea7e9347e8
-
url_paths
/home/love/index.php
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Extracted
amadey
3.86
http://77.91.68.61
http://5.42.92.67
-
install_dir
925e7e99c5
-
install_file
pdates.exe
-
strings_key
ada76b8b0e1f6892ee93c20ab8946117
-
url_paths
/rock/index.php
Extracted
redline
lande
77.91.124.84:19071
-
auth_value
9fa41701c47df37786234f3373f21208
Extracted
redline
krast
77.91.68.68:19071
-
auth_value
9059ea331e4599de3746df73ccb24514
Extracted
redline
lamp
77.91.68.56:19071
-
auth_value
ee1df63bcdbe3de70f52810d94eaff7d
Extracted
redline
masha
77.91.68.48:19071
-
auth_value
55b9b39a0dae383196a4b8d79e5bb805
Extracted
redline
5195552529
https://pastebin.com/raw/NgsUAPya
Extracted
amadey
3.87
http://77.91.68.18
-
install_dir
b40d11255d
-
install_file
saves.exe
-
strings_key
fa622dfc42544927a6471829ee1fa9fe
-
url_paths
/nice/index.php
Extracted
risepro
194.49.94.152
Extracted
lumma
https://productivelookewr.shop/api
https://tolerateilusidjukl.shop/api
https://shatterbreathepsw.shop/api
https://shortsvelventysjo.shop/api
https://incredibleextedwj.shop/api
https://alcojoldwograpciw.shop/api
https://liabilitynighstjsko.shop/api
https://demonstationfukewko.shop/api
Targets
-
-
Target
0fcedda9880a4fde053b44d2ef2a6b90a87db74ea8ef6e1605822364dcd8a881
-
Size
390KB
-
MD5
4cd2e5b028941f82914293c0be110810
-
SHA1
9fe5e00f5defc489fae2355ead82831df654a13a
-
SHA256
0fcedda9880a4fde053b44d2ef2a6b90a87db74ea8ef6e1605822364dcd8a881
-
SHA512
e0f1a31d99aea178209adb6eefef489702d2872584130582585369f9d9abb4ed0d70206af0a755c111436c6b77d0e78c6cd8582d015bf6ab594a1b9641e46033
-
SSDEEP
6144:Kvy+bnr+8p0yN90QEP2QZUjtQ5JZep0uGXbA6I:ZMrky90C2sDGbI
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
2432f37cfbe720ce2f627a725367676d71bb944d2306c1eab9bab6b0cab5e01d
-
Size
514KB
-
MD5
4e89c8ab274dd94465d49ed7b67e9979
-
SHA1
6048ea64bf04018bf560334945745677c0d5f1e0
-
SHA256
2432f37cfbe720ce2f627a725367676d71bb944d2306c1eab9bab6b0cab5e01d
-
SHA512
184e6166d71ecc0d898e4417e261a9c64a5419378555c04a5e4db1f64ad10906f4fff5c37d1a25b1523a5bb2a8de010518a8c215ebcab7318322338ac9aea2bf
-
SSDEEP
12288:gMryy907GpFrreamboOBlpUn7NeXsLrhtRBW3eaXDi:iyEq6ayoAun5eXsH7RBWOaXDi
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
2b87c7a59a469adca1693ceecd7fb1ea4eb1bb095a55e316a96eafda54e2285a
-
Size
390KB
-
MD5
5151da14da5318506c76f8f0bf8f2263
-
SHA1
ee1e6b8c177e075ece88b6186b97a1f1d878eebb
-
SHA256
2b87c7a59a469adca1693ceecd7fb1ea4eb1bb095a55e316a96eafda54e2285a
-
SHA512
35347e37d11b914a0b69f6d8592d7a7782c86c196a4b16d8415eb2d5c135ecea9223d63212f15dad61e023cc706caf29b1839bd55281d033689eb93edce6d742
-
SSDEEP
6144:KMy+bnr+ap0yN90QEkHAJLR3gWt7ooOsikfnmTT7SOV/MQtmauilIlYJRZBtg:sMruy90+HAJLR3gDvtkfSSOX96mPC
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
2d0e9487b9ef5db2eb0500ce9a5ed167ceb3c1f271e1a50f7283d3ed521cb67c
-
Size
767KB
-
MD5
4ce629f8747eda6f87736e78bdfa16a9
-
SHA1
17184f40285443cc76533b58363b13cd1647ad99
-
SHA256
2d0e9487b9ef5db2eb0500ce9a5ed167ceb3c1f271e1a50f7283d3ed521cb67c
-
SHA512
1aff9c893365d2cf73edf1634964f09c50665f6d4b057bf3ca8352c97ca9a488c5bfc17ac1d69c8d31e1b0e9800017765aba5374362a47ef758f18a66db0148a
-
SSDEEP
12288:cMrGy90KcRXwceOU3O7iGzGz6AOrFilv4k425Uvy2hl+nMLAUwoNTeWsIk:iy9e893OuGzGkrFiGkL5Ur+g1k
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
305a49521aa7fa93bdb6f6a01420fcd3800a565c32194a366c1d6a22f8f00da8
-
Size
390KB
-
MD5
556b6f8063b6be20e9c3cce8da51432c
-
SHA1
0fc90e69928de47b6dc5502fefa2eae4f82805ec
-
SHA256
305a49521aa7fa93bdb6f6a01420fcd3800a565c32194a366c1d6a22f8f00da8
-
SHA512
02aa56be7edd80292b1b1f325ef1a56a9a60ff004c3b3fdebc90e5a4ad9b1f68fdc0c659ba3a37673ccdce41d9d26f39619a0df6a9fa6b0dfde7033a8813cf04
-
SSDEEP
6144:K6y+bnr+rp0yN90QEqwfVzEk+363cTtpEfG3SCVCzhyYc7SdMMMQ0OoJmCUKWLA:OMr7y90cIzu3ehhyYcOdBzIfUKZ
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
34eac23d05376694cf25e5de3b6455451ef743f0f766b72fa3e5b94726010c83
-
Size
389KB
-
MD5
5129e2aa9577a88546b213ba9aa633e2
-
SHA1
4b5dad0b02d1a52f709bc6440327600bbe2e0a79
-
SHA256
34eac23d05376694cf25e5de3b6455451ef743f0f766b72fa3e5b94726010c83
-
SHA512
cd156016266dbbad12cb970d11101fce04cf2a15fc4528d77b606a54b5ba16fe5b7401801011b72ee8b9fba752048ac57e57413509af5a793d67519ca829e4ba
-
SSDEEP
6144:KQy+bnr+ep0yN90QEiS5QTUfkLMG/8FNRkHjQ18xWMmq/908ykUlvmpZ:UMrGy90ASa8y/0kDE8y9sX
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
4288cf23e3f7079623b595c70496f28f4678e173ed25b2ef6101e66d3e99e2b7
-
Size
514KB
-
MD5
553e00500d378ac6c88ebcb49f0c11b2
-
SHA1
b0640e712ebde50090ee39742411f065e998128c
-
SHA256
4288cf23e3f7079623b595c70496f28f4678e173ed25b2ef6101e66d3e99e2b7
-
SHA512
3102d0c6d812f7220f60816f48e6a4d9dc0cfa84fe4fba947e661fa03f7870edeff42fdbb3f4df82040dcf5f8c2241187bb6264c59687a2a92ace8dffbf6399c
-
SSDEEP
12288:rMrry90RaLXTfYqGozYJ/1epNJeGQ9Fyw:IyNgqGozYB1eXsGQ/d
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3
-
Size
492KB
-
MD5
c40f810518e4290ab7fc1e07e5c83ff9
-
SHA1
9f8bc2e44eb00b71047c04864e007225eb9779c9
-
SHA256
566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3
-
SHA512
044be66f51e52b07e77105dcf1ab2b1c099636eaa557124e5e442b6c6383564d578c21f1a6a0a0a0caecb433a16a3f552b27aa5e714cccaf9bc01f2b741335fd
-
SSDEEP
12288:d4w4rJNNGCt//w5qVN2iu79mnxhyC4GNq/SBoCe:/4rfN5Xw5qVN2H79mrymyR
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-
-
-
Target
5b49e20d688471002a1cc866e323e32a0e0a2f1e92fd2f057979cd27a850f44b
-
Size
390KB
-
MD5
c2d23a53e4099c1c7126c1e6e332fb12
-
SHA1
22f111c42bff48f88be368920886195dc990b3fb
-
SHA256
5b49e20d688471002a1cc866e323e32a0e0a2f1e92fd2f057979cd27a850f44b
-
SHA512
7251bc4c9dca30f08baafa1e4b9572a20d026a351ba7b5482190f605b41087a25da0f259e0742adf796f556a42b5d09e1a05d0909ae947a830fdd30ffa280bc5
-
SSDEEP
12288:5Mr/y90WOOEnMEY4/7kJByGYpEzPCGDk:myZpEYgO55zaGDk
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
6c3c673ed879b79fe56de07cf67f2547b37ddb371c94a074e9184833681145b1
-
Size
389KB
-
MD5
54c918a054a58d3fe6838ce4c31344ae
-
SHA1
84132b9e7a9dfb09181d37588e2d69c9dfa7d8c7
-
SHA256
6c3c673ed879b79fe56de07cf67f2547b37ddb371c94a074e9184833681145b1
-
SHA512
2847ba4171fd4a050fce828595c3b066de2b69afff4f5d72877d36c24f14db541610d6260cd44c7530fc026792c1b5fae9f93b8b7dd18eaa870f9d86b14bf091
-
SSDEEP
6144:K0y+bnr+Xp0yN90QEcHiyKnpVK7KFibk30yxOF+2SlqcK+usm64j1pSSQAJM2Y:cMrPy90GSpk7KwbbyxwMqcRusmDZG
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
7ba1ecff945330ba39b0d1bc0a81272da1abf8acbbe727db52a09c23c16c0c00
-
Size
390KB
-
MD5
50934aaf7bdeea19404491b568fad850
-
SHA1
4ca4dc3557f0a6e27595e1a72c33129ad3bec595
-
SHA256
7ba1ecff945330ba39b0d1bc0a81272da1abf8acbbe727db52a09c23c16c0c00
-
SHA512
21caa908bcfc5cd3c4c2970ed8c92931887b2e0b3776c992bfd3b66aceff6060c5bc7d047119deb3796bb2107460490eefa3c8f09a6d7fe09e675d2d78909067
-
SSDEEP
6144:Kpy+bnr+op0yN90QEzksTLHBIoxvFznqrZatQxQqw5PgNpxCYqDNgOht541GvAY:HMrgy90emLHJvFzqrZavu061GvAY
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
7fc78a2450a642c8ab25d22c58c9792408d566a5b9043d95b64f6b407d9d8225
-
Size
922KB
-
MD5
4d6bc87a5035be0d2eff75f9a663f7a7
-
SHA1
a427033287f275020232a2f96e8413f7ffc9b400
-
SHA256
7fc78a2450a642c8ab25d22c58c9792408d566a5b9043d95b64f6b407d9d8225
-
SHA512
c2168b460ec7fe2f6af5f3c4103a3940aa2b4da642790ddb2efa69463f71f2cb1b3183bbd9ee5f8c5046d9b56fafd89c79eea19ca14c0467a8861af4ea3c8399
-
SSDEEP
24576:QygOXaCEQ2qvM8W8KNJv+w7pg9uz8aPjsER:XgOqCEYk8W39g95qY
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
80c33721dd8916cf61ad4cfe3a1f57bd083b1adf9fdad50707739a67ee1c9bdf
-
Size
390KB
-
MD5
513a509c250dcbcfb62c1b6191fc7e53
-
SHA1
178f6536c34418890075aba7cab396d4da2d487e
-
SHA256
80c33721dd8916cf61ad4cfe3a1f57bd083b1adf9fdad50707739a67ee1c9bdf
-
SHA512
d1260a8e442870e4ca64b0cc91be943724200a8a931facaab8c0a6109752bb733dcae7bfbea4aa3b177bbee6e09f4e297ccd8929ca942d83c06a82804419c044
-
SSDEEP
6144:Kmy+bnr+6p0yN90QE6LoizgY+72NOaqTyDwtqmq/zQ2PLLsK2CmVuCcHnlRHfOFl:GMray905isasFu1mI/PwlcHnl9qRVT
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
9c63b1ba6018935ad5e5fbb92f79d2bbd6eeb9ee0520ed5cbe7b9e1213eb33a6
-
Size
1.5MB
-
MD5
c30d6278694817d3cc99f6ff5265da74
-
SHA1
350567243f65ea38c3bcbc24fc93272e4e46217b
-
SHA256
9c63b1ba6018935ad5e5fbb92f79d2bbd6eeb9ee0520ed5cbe7b9e1213eb33a6
-
SHA512
3963175ae52c90b743dbcc1b38220ab2abcc10916558053c1a6f13ac52ca426aec2394ddf5220f482c48ad9e08955704b4764289c26f50a45ee648297b5b4a89
-
SSDEEP
24576:cy51XtT3ttYzCJsw66AMLRzIdYiQceweiSKE70EpUSn6qY0I+mUNNqU:LHXdttB0uJKjQTkE73pBDY0I+JNg
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
ad95249c96bb70f2fde592c74bf9bfaa2f25de9282a90943574ce4e547731029
-
Size
918KB
-
MD5
4e8759ab9a8b5f7c4f66a88a89ded7b9
-
SHA1
0d8b409b1a28cb898951b534878586da01179b0d
-
SHA256
ad95249c96bb70f2fde592c74bf9bfaa2f25de9282a90943574ce4e547731029
-
SHA512
25cb5ec44688de16636b97d082ba9821fe135685f16c9dc9211583bb60f98a7120d22ef772ae7ab68bf6b33a71d0bcc6fd266ffdb04bba7b2e4d0af63b3b851e
-
SSDEEP
24576:4ycoiRyR63BFw1QzzRQ3Uc+3k4aMm3KCzylrULA4Dh3nqM:/cois/8NQ3Uc+3XaMm6rgLA4DB
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
b3b9cd87ed117eff25ebae286512425b6d778c82802a6b097ac45b68e438e159
-
Size
390KB
-
MD5
56d34cca840bb1840d959c7bfa71f175
-
SHA1
14af65fb8f211962bd73452aacd0a7076bf49feb
-
SHA256
b3b9cd87ed117eff25ebae286512425b6d778c82802a6b097ac45b68e438e159
-
SHA512
5b05119212623f0c392c2c7577fd898a5e7e20c89b104f83b09b0220a8fa0aae1b175b54fe7114cf56d30af2a52b82e034e6a35544775f0de51465ce1c40af49
-
SSDEEP
6144:KEy+bnr+Cp0yN90QEBM1UkWcnZNbS6AxEUfPvC+EWgDzyGsj6U:gMrqy90vMwnPqW/GzU
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
c567fbb4ecb66496889cc136a63ac18310c18ecd83880c4c83fb29e71c63d51d
-
Size
306KB
-
MD5
5289c70cd98e713d4074b37ccdb48139
-
SHA1
6711a067f0228f67e0585df2ca478b361124244c
-
SHA256
c567fbb4ecb66496889cc136a63ac18310c18ecd83880c4c83fb29e71c63d51d
-
SHA512
4819dbc5b0fd6b56eaa5a45adb78db8a62982fd7bcf127decf0a41254ae5b9d572cfbfd1fd08038cf1083d0e788f53f476d583600169b8eb537811ab8ceb8b00
-
SSDEEP
6144:1oZd9vSWh60RVAtljy11wMChzxz2+aPie45e8q/4I1mupJyL985:CZiWhHWVbFaKeb8q/4uf7yL985
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
c69d581e2c9751820b591c60023bbffd16aa66ad26d0c76b20574cdac2cc7be2
-
Size
320KB
-
MD5
c7c86ccb7a8447c0fc280c1677d5bdfc
-
SHA1
47c05e0511f3d29afe982bf266cb420cc85cb0fb
-
SHA256
c69d581e2c9751820b591c60023bbffd16aa66ad26d0c76b20574cdac2cc7be2
-
SHA512
5015e11b3d4857a07cfd27d5f176721b0eeede05e675ff6ffb2546126853164f580bedcc847d9ceaf9a9916478a8c41355015c2c2764124b7e47dd2521ab13e3
-
SSDEEP
6144:K0y+bnr+Up0yN90QEqrKEP3ve7yRfsK6KRFjEXtaBv762LA0iRddbIq5xA:wMrQy90cKU/e7RK6KRdEXYp7tbiv1x5W
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
e3c9a1721d8f0eecf6a7e81b32b9823a4952d636d4930a9cdfae0876cf293d3b
-
Size
1.1MB
-
MD5
4c57105730828c98c61e10949fc25950
-
SHA1
b018b8964a21ec971d7a8e3480ce28976012374c
-
SHA256
e3c9a1721d8f0eecf6a7e81b32b9823a4952d636d4930a9cdfae0876cf293d3b
-
SHA512
ead8b5fc20e1a9f2125f2f7338edc844f80415ef768f02753dcdc51140b811ae2fb60f0d77226418a433746a28c81296f1a8b41333eb6b7c59c9f52f82e1f378
-
SSDEEP
24576:8yqOw0U5IPpj5uiUgnhUaO6O/xaGRxr01X:rq50U5gpJUD6lGRp
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
14Windows Service
14Boot or Logon Autostart Execution
17Registry Run Keys / Startup Folder
17Scheduled Task/Job
13Privilege Escalation
Create or Modify System Process
14Windows Service
14Boot or Logon Autostart Execution
17Registry Run Keys / Startup Folder
17Scheduled Task/Job
13