Extracted

Extracted

Extracted

• • Target

    file.exe

  • Size

    300KB

  • MD5

    0731d745487d0fa44e698ac2fa8feedf

  • SHA1

    5a78537c7d602959aaef7dd3a9a12004f7e24762

  • SHA256

    a661ba6fa25ee624136e2d6231efcd4aa3e501267ce6343fcc5c58668df10eac

  • SHA512

    b2dc2707de7e544bc7179238dffc0ec961bcd72b819aea00660f8057fa841ba73c028d5dfae6b11ee499f1cf241d8f2a4fd7b7dd3ab9077a027f6ebb833adaa9

  • SSDEEP

    3072:dG77LrK5BgeNZdEd3F5LjU9W63WvanV8l7xZMQ+tuqe/Ii0wDDtdmdhmUXG83H:yLrUNkwsqYX2QEuQi0iDtmmUXT

  Score

  10^/10

  amadeyredlinefusion77777sportcollectiondiscoveryinfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detect Amadey credential stealer module

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2