Extracted

Extracted

Extracted

• • Target

    file.exe

  • Size

    725KB

  • MD5

    58d006f142bc0bdb7d8cac78f9a12d69

  • SHA1

    d04d3b29b2dc0552ecba06a59392ff618faf2791

  • SHA256

    49c4b37a938e23a86d7890cdac6694a361e3c98a9d7a5965fed980f14262b247

  • SHA512

    3b0c047c68020ca0e72b3220610eed39462fe9ef990de99c3bc9fba592fbf36f1a3c1f8a4d015f4c84716e9cf456f244313c99fd58f7c80f1c835e1cbeb5f29b

  • SSDEEP

    12288:VMrdy90SS6bC3QfpxrHR9HeJJ+5WHK9zrm2FOvIeXoBonel2:My1bFHbRqWJlxroneg

  Score

  10^/10

  amadeyredlinedunmromikdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2