Extracted

Extracted

• • Target

    aa4753390d564107863357e270663385174e66c1d75c24aa211fedfef4ef06fa

  • Size

    7.0MB

  • MD5

    3a41c8a33484f96bc90e2cb48e991b2a

  • SHA1

    b54959b4847473baa24620ab2e0dbdc2f0062118

  • SHA256

    aa4753390d564107863357e270663385174e66c1d75c24aa211fedfef4ef06fa

  • SHA512

    6474a44b0025fdda52c188a8d24b04fcf057356a8551a79aa282807f446e0f97761ea3b87f4654ee6b33ebc58bdbe7190656091593755ecafd0e318be5b5093b

  • SSDEEP

    196608:/jofebKHGP/rZGuIWy1hs2RF+4EL4l3Qee:/jofeZP/rZQIY1E8lAZ

  Score

  10^/10

  amadeycryptbotstealc9c9aa5marscredential_accessdiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Amadey family

    amadey

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Cryptbot family

    cryptbot

  • Detects CryptBot payload

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1