Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    topaz video enhance ai crack windows/topaz video enhance ai crack windows.exe

  • Size

    816.4MB

  • MD5

    0ed473ad80f4539c46f043e7d14d4e85

  • SHA1

    112d4a25c16a12190e8bc8d5c35346d0eb47acb8

  • SHA256

    a903f61b3327529f59ef005efa7b41bdd91ce259b8f4422e1c9c13e5267b2117

  • SHA512

    47ef94feb19a7d8de63ae45949369c37624e801afcaed80f31556f700389f8ec02d0546de3a5eda7ae83d2724e8860d7b5b8882ccbdb7e0be766cd280ea8c320

  • SSDEEP

    393216:TAVchpPmaXtrAPxE3DjM16vbuo6EigC/Reiaqakjaz8BTwZeJkjoboj:ucFtkPxlqKo6T3Rtg8hv0

  Score

  10^/10

  cryptbotlummaredlinestealcvidar3a15237aa92dcd8ccca447211fb5fc2adefaultlogsdiller cloud (tg: @logsdillabot)bootkitcredential_accessdiscoveryevasionexecutioninfostealerpersistencespywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Detect Vidar Stealer

    stealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Creates new service(s)

    persistenceexecution

  • Downloads MZ/PE file

  • Stops running service(s)

    evasionexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Power Settings

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Enumerates processes with tasklist

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2

• • Target

    EarthAccepting/Limitation

  • Size

    80KB

  • MD5

    0732937d35617fc70025d70b3101ad38

  • SHA1

    1f822534503e8b7c433f1133c6325a8bb9c4656a

  • SHA256

    d0345655474b9da78e7374784e0e7629787307f55033c5243e3681181eac8682

  • SHA512

    62b872630d820dcdd7b545ec7fc74f1acf304c3ca4cc361a677cdf834f31fca2ce2cb67e2f69c267efc493f3bfd7ce2c33529fbf5fcb405a2b9da89029db874e

  • SSDEEP

    1536:0+/m1NmkIp5KP8SCVY5vmMhBZ5fnj3jpVALXXjNG6pF7JT/Dc9V9EbAhnCF:0+OX6p56CVYHZ5b3jpVq3DB7cgsCF

  Score

  1^/10
  behavioral3behavioral4