Extracted

Extracted

• • Target

    9f50d1538f69d88a51e4bf083d2a86d2cd7053d4c5c4c5f3f7a0fd0b4d9a2a3f

  • Size

    723KB

  • MD5

    949907e5a55dad23e7f06f6084c5a40b

  • SHA1

    1288f4f5171c3b9453f4976c75766c600563a8ab

  • SHA256

    9f50d1538f69d88a51e4bf083d2a86d2cd7053d4c5c4c5f3f7a0fd0b4d9a2a3f

  • SHA512

    db2247848c2f87e0d126a99d948b3d9fc4eb8410170cdd292e743f1b4f89570d5dd5eb7454945d7b09ef2da7a0eccd55d14c065d835b47dad3c5bf7e63a02174

  • SSDEEP

    12288:jMrmy909UOMbZG8Z02njwIvT6XFix88FB9IPMu50HmCm7kZZqJLcSBb7q1:5y6OY822jTO1W88FB9IE3moZZqJL/vq1

  Score

  10^/10

  amadeyredlinefusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1