Extracted

Extracted

Extracted

• • Target

    file.exe

  • Size

    719KB

  • MD5

    219095b5eb9c4292e00c2848e9c73a76

  • SHA1

    06e4ee5f78be2c21b55214ce51634e3f0f2e3ef5

  • SHA256

    e57dc8f3707b1a9bb2bfb82ed410c1c7733307d3015d5bfde3185fc624778414

  • SHA512

    a2082f2f6418e317bb4526ffed059395e5fa8b49230ff0919c0b2f6932e8b2fa1642f01e7f834cbdb67030f3216b76cdc6876e29bb065cf797735644324ab692

  • SSDEEP

    12288:JMrPy90FBdkqB8GwNZI0Gh7T0Pjpp7YRR0w0FJeJQyPjsP+piVF0pyG80IkzhelS:qyfVPa07zY2IQiiVSpyGbpclHmN

  Score

  10^/10

  amadeyredlinedunmromikdiscoveryinfostealerpersistencespywarestealertrojanevasion

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2