Extracted

Extracted

• • Target

    file.exe

  • Size

    719KB

  • MD5

    89208481ea2eeb0fdbf196447c527380

  • SHA1

    c336b44755a3f9caa7e6bcc17f15fae219041adb

  • SHA256

    0c2814ea196766ae0484f1169ea7bf8e210122a4da25e82f5e38c5e2807b5d72

  • SHA512

    4fbb9b3a724e08f822d3bda55676c8c5bfaea1a668d2826cbac8fc45224593aad96e0c5f4d030d81ff672fe135daff28d5669d635a08f6f7f0ca968f1885538f

  • SSDEEP

    12288:uMr+y90MjEYjnj1whfwbqDVJa98205eJVgAkthx3Qhmb7xTpZCGiNITzhjx1l8Y6:4yzjXjjSfw2DU8AJGP3QhitpZCGEKxx6

  Score

  10^/10

  amadeyredlinedunmdiscoveryinfostealerpersistencespywarestealertrojanevasion

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2