Extracted

Extracted

Extracted

• • Target

    file.exe

  • Size

    714KB

  • MD5

    c90a801629f743b1c227dceae96a77c2

  • SHA1

    e3cb4a61823ec100a08433957b6593be7ef83be3

  • SHA256

    5926f961ea17cb3eb23beba14dfea26581185ccf5950c4f067335463da397fa4

  • SHA512

    acc03b0ddf0059b95c60e67a7fc362c97a2ae6afe88143c9c826eb3688b97fdb503b6240a95fac3d51527f222990af7545c3f4a20a7fc7d4a645249f84b3af4f

  • SSDEEP

    12288:yMrHy903NICqy9jQ7IgbuI9wV1zBRr2yeJ2GvTjGxvSYAsCJaei1ObocL1wNr:dyONIw8fbPwH1Rrc2GHGNlArJaR1lr

  Score

  10^/10

  amadeyredlinedunmromikdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2