Extracted

Extracted

• • Target

    file.exe

  • Size

    740KB

  • MD5

    f68be5bc8184ed7ea31be13cab356823

  • SHA1

    1dbddfddbc34218b2fa47d5ef7cd14973b841602

  • SHA256

    3fc08fc508152977be942bdad56440b433508e70da76e87c3cddce0a580d941f

  • SHA512

    3b1df9ff2b7939a8befb34e1d62b8d8e93e187f24253395addd116c56313c678be8de7d24da47f339dbffa4337157dc1e36b336c9b1004c8e79270531c1e87d0

  • SSDEEP

    12288:MMrNy90QN9x7CG0a9XAv4n6YShpqulZAXBb5/Z7g5phYjAp3HQSNT+zzil5Acatn:pyp9x7/nPShxlZAXB1ZEThLHxFI2ADh7

  Score

  10^/10

  amadeyredlinedunminfostealerpersistencetrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2