Extracted

Extracted

Extracted

• • Target

    file.exe

  • Size

    715KB

  • MD5

    20a001f3831c00844d5f3349cb52eca4

  • SHA1

    ef5a7bf5b9d6a8e2b384a721cfc12b9cad9b36da

  • SHA256

    203d2328085c36d847614cdba40985e267eeebca331fe5e56ae3f328fb51e9c8

  • SHA512

    c94ca49cc235c5b655f8de1a52f19ca9d0ccc5729192fdeda25ed9268e1fe0a48a080f3b2e832a370ebdbdfcc094866431f5d2cfc5f4b22cdcf5cd8b1cbc03a2

  • SSDEEP

    12288:aMrWy90UoAEjkvU8GKhH5wgNDeJDX2eJBqmsrxbsCMgO+JT0nIVwVX2/B:Ey98j8Ge5wgNDeJDHBqZxoTg1T0I0Xs

  Score

  10^/10

  amadeyredlinedunmromikdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2