Extracted

Extracted

• • Target

    6e28bd1b92727ee0139e463885cc82b038081934bc2cb3957d67126047362865

  • Size

    743KB

  • MD5

    1ea1f3435a8a9b305ceba7b8d1c835af

  • SHA1

    55317574e6e0fba9f70b3fc4a745fcf6c0604aef

  • SHA256

    6e28bd1b92727ee0139e463885cc82b038081934bc2cb3957d67126047362865

  • SHA512

    53a864d33ad5cb1f8f0173717a870ed62c4079b655912a1f9bc863360d315f59486e12f3c2b7a515c763d0c43a1082d4d75711ea55bdb49994b16c2a89c16f4b

  • SSDEEP

    12288:IMr9y90u9TtYKOglwffMCTWLd2IsHUEVwOvl+hF4Gn1xUyOHB0awGn21yvR8:lyVxtCUtCKLqIyGnvpOHB0CnEGS

  Score

  10^/10

  amadeyredlinefukiadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1