Extracted

Extracted

Extracted

• • Target

    file.exe

  • Size

    720KB

  • MD5

    777474c413f32becd570c25bf923fe2c

  • SHA1

    c77ffc2a161d540bbdc99d5cb5b2d4b26dc9edb2

  • SHA256

    6224a67c258a7c8f89f9547107ebfe0862a8ac77cf30afec59090c9e5a5546fc

  • SHA512

    260bfd323aedcbf6f540748612109929c8929ece79698c1ce634a5f008fa8af9e7b1075ed8716333d12a942ca3557b7bc17b76e5ee1d5c87fd070273d821d1f9

  • SSDEEP

    12288:YMrOy907YFgwVyn7VKM6CLKrKzgkaTclCi7JeJtzzSP+QhpGM7IVzhClfl80iPKu:2yUuV67VlL8jVcAjh8hpGQg4lNpju

  Score

  10^/10

  amadeyredlinedunmromikdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2