Extracted

Extracted

Extracted

• • Target

    file.exe

  • Size

    600KB

  • MD5

    17a3134bec3bb923a3209146fd8d55c4

  • SHA1

    781f63e40e7e978b1f361f1f068073685e80f594

  • SHA256

    25ea96abd59cfd5a1773b73dcd925f242df0865e17bf71eb04f7972244556c4f

  • SHA512

    ef2048694d3762d3624c09a7e9e24b55d9617a6f7551177adac33c5c9e348b18ac9cdf9fb28a4cff5bf74b18d08de1062b2e7daaff3f53a3ee22814b0d6e1ed4

  • SSDEEP

    12288:ibtBVre0c/uP4n2eOWBOzTKVegCBNPsIr506lO3DBb:iRFP4n23zTKL0RrdOzBb

  Score

  10^/10

  amadeyredlineredkotemposs6678discoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2