Extracted

Extracted

• • Target

    6062be2d025d361d3f9e55025df28d480bf4af4173370ab7f864edd5607b8ff2

  • Size

    1.6MB

  • MD5

    438aa744ad50d178d14cff58650170d7

  • SHA1

    c7b2bb880271ba1d802bf380096e9c21d906b104

  • SHA256

    6062be2d025d361d3f9e55025df28d480bf4af4173370ab7f864edd5607b8ff2

  • SHA512

    4970d8bf30f68d93eaddbab400208e40cf5d7d8401d8e4787e61e0aee9feccb22616d73716ed49ae940b63e53d2910a391e8bdb97e413c25af76e6f1a5e3ef7b

  • SSDEEP

    49152:S+rE9uKjA588ZoQsdt2ntZOHPFbCfOXmG1Fe:Do9xMXiv2tZOHPxCw

  Score

  10^/10

  amadeymysticredlinesmokeloader04d170gromebackdoorpaypalsteamdiscoveryevasioninfostealerpersistencephishingstealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Amadey family

    amadey

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • Mystic family

    mystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Smokeloader family

    smokeloader

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Detected potential entity reuse from brand PAYPAL.

    phishingpaypal

  • Detected potential entity reuse from brand STEAM.

    phishingsteam

  • Suspicious use of SetThreadContext

  behavioral1