Extracted

• • Target

    b0b4664013262a48fa9543ed9c651c34c9a7233678882f16d86e779c0a9a39ca

  • Size

    293KB

  • MD5

    3776556daf53e7da67e1f0714c292ba0

  • SHA1

    04b54e2e1bb59cfe0736c03dfe2e8437d99ee5fd

  • SHA256

    b0b4664013262a48fa9543ed9c651c34c9a7233678882f16d86e779c0a9a39ca

  • SHA512

    56f011965d2b1fd60d4661abb5cac96fe359db4812071910cb4b842a778052829914ab8006f7056410e500602ce6c9af700d9708f4b3278f36313dcc885ec2ec

  • SSDEEP

    6144:UkdPVCFLSWomUIADz7Nl7lwUndTEvKbIT8:UkdPcFWWowqN9l5dTe8

  Score

  10^/10

  amadeyredlinebethovencollectiondiscoveryinfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detect Amadey credential stealer module

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1