Extracted

• • Target

    c065ba22909fc8dbded4ea0eebb24ad5.exe

  • Size

    1.0MB

  • MD5

    c065ba22909fc8dbded4ea0eebb24ad5

  • SHA1

    b3d61dd7519be3d2909be9ce2d28f65ec7f9965d

  • SHA256

    9817f4d8bc1374f102196cfcb8a351abdc0563dea60f6084a7525e5ee5409b6d

  • SHA512

    b8621a86897e0da506157225ef049e92e6c6bff9837e6e2a2b55328b6931e8bd484e57dba9d2fa532728a7e35a36918a1f699cc3a9af11d26ac1fbd4fce72814

  • SSDEEP

    24576:vqJm/Xl+FIqBwq4QlGsljfzlE6J4zYfs6nScxy63:S4l+OqyLQHugVfDnS8y63

  Score

  10^/10

  amadey550eb4discoverytrojancryptbotspywarestealer

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Detects CryptBot payload

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealer

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Enumerates processes with tasklist

    discovery
  behavioral1behavioral2