Extracted

Extracted

• • Target

    71d3510fd8c11da4187960127bb042b7bd1d98c99f7413073fbc23436b9f9ccf

  • Size

    785KB

  • MD5

    dbda1d24e84e3ff338e89c0c29115d46

  • SHA1

    b5b8c187cf25b422fc164685bfcf055c235c0080

  • SHA256

    71d3510fd8c11da4187960127bb042b7bd1d98c99f7413073fbc23436b9f9ccf

  • SHA512

    56a202e028b06e027aae82ef7dc521d18bd043ed3054ec205b0bab0931960f8e5527afffc974f0c9c72304ebd743874f8baba648858ecc15adaf588010e68f0a

  • SSDEEP

    12288:BMr4y90nwRHv4Xo4NUwPTT8ft7C2eiB4JoHI7CIemDNr:JyACHv4Xo4xT8lW2ei6SUZDNr

  Score

  10^/10

  amadeyredlinedubnadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1