Extracted

Extracted

Extracted

• • Target

    e4c8ad200041b74b5f075f73c5530627b9ad87b2be1dd92ce80c76944d4863a7

  • Size

    725KB

  • MD5

    f99632cf59d0b0951ed408040794ce49

  • SHA1

    f144aeef2f8df3e4f25c544f8d48923709ea5422

  • SHA256

    e4c8ad200041b74b5f075f73c5530627b9ad87b2be1dd92ce80c76944d4863a7

  • SHA512

    95c1bd4eda07e7eca84bfff353ff16235707bfa9807a403f2ef19bd086d7fadf16105ee631d8ab3d9d225cae1ce0238ff323f413097168073fcc3139e749279a

  • SSDEEP

    12288:cMr8y90A21ffcqNPOljerU+BOSLFRjF/uo5LVTIG5C2A4a1Fq2BMAebzBXtqadN:Yy0Jfcymli3Lnp/vLVTIh4hGerRv

  Score

  10^/10

  amadeyredlinefukiarumadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1