Extracted

Extracted

Extracted

• • Target

    7a8091adae649be1b60dffc3835d7ca8b068f78925aa22e4fbb610ac261da3c2

  • Size

    5.6MB

  • MD5

    56dae66fe9e918710134238e6ad5baa3

  • SHA1

    fa75388aff74f2f4abe1ee726c93d3d2822b9a68

  • SHA256

    7a8091adae649be1b60dffc3835d7ca8b068f78925aa22e4fbb610ac261da3c2

  • SHA512

    ef89d142abe55bd2d6e0c238f0a5f3c7b57b0e43377a75d44ba4172d7183c4c13dfcdafec031d00c35b55665048eb15e43581c5d1e07d525ea2b944b08dff39a

  • SSDEEP

    98304:5ZMw7Ejk+oFsVrNcHSSrkTDOJ7qCL5XBpW+6dTUy/sl:5ZMw7EjkQVroBkTDOV9PpW++TUt

  Score

  10^/10

  amadeylummastealc9c9aa5talediscoveryevasionpersistencestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Amadey family

    amadey

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Downloads MZ/PE file

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1