Extracted

Extracted

• • Target

    180ae9ad1bc6774bda3a88328f07c6ce7328cab039d8acbaec7b66d1eca4d168

  • Size

    724KB

  • MD5

    e62f51cf3c50e5cc8cef37d69048a846

  • SHA1

    8ad20268c2ff44c916ce2bb0b8add3d9507d78b8

  • SHA256

    180ae9ad1bc6774bda3a88328f07c6ce7328cab039d8acbaec7b66d1eca4d168

  • SHA512

    184409de4d8933b5bad34325099c7082f87ba7b74993df1aadb8fa03029ad0759e15450f15ceee2c93cce736461fcdd60e84b062f702f0a4289cc1960cff46da

  • SSDEEP

    12288:RMr4y90RNV1JMS5oUMjNNu2bJa25wjrk88dOyIPopXT1e5+TmtSGeGciZZ:1ySDMS5bMu2bJDw/k88dOyIQ5e5+T3GR

  Score

  10^/10

  amadeyredlinefusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1