Extracted

Extracted

• • Target

    dd0a0312e7659c011d98b9945019bf2b5a9b35e37777cdc1f1b11b1bfe77075c

  • Size

    332KB

  • MD5

    d39b424ace8bcca3c76976f1be110845

  • SHA1

    5a9f6d6cd10690ab24163916efe6e5282bacf292

  • SHA256

    dd0a0312e7659c011d98b9945019bf2b5a9b35e37777cdc1f1b11b1bfe77075c

  • SHA512

    0514027d7bbde93e386e5c3142a70619477fc046b9d823760c7921aff7a7479509f89a4a228850aa43f2c6004a33cd80762a45f46867ed292f4bbd9298b542c9

  • SSDEEP

    6144:UklgdWNTdGCpZ9EmqSlMSJdo9vjIDcuT3ZVS:UkKwNVpZ9vqS3JOSDcudVS

  Score

  10^/10

  amadeyredline@2023collectioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detect Amadey credential stealer module

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1