Extracted

Extracted

Extracted

• • Target

    945ce6bb46b84c8280b39d9e332379cb62048eb784ac07e8f5c2c69c9b761d41

  • Size

    1.3MB

  • MD5

    38f53cbb7d19cb8498855c1447608381

  • SHA1

    5b0e3688143ef1ed69a5950a74e3f13d18d255cc

  • SHA256

    945ce6bb46b84c8280b39d9e332379cb62048eb784ac07e8f5c2c69c9b761d41

  • SHA512

    fe2e6b8b1f7ba9b29080082d4ec16a4c4aaab43673e289886041a9107f37e487de4ad9b9a3e327a226bd6d1f476c01534f0d9101e88a4ed6408eb7191f0207f6

  • SSDEEP

    24576:Ay97a4NYksirj5URRAuo2JHOILyFoiNdC0qCiEoIxFW9Tx2ESEHo:H97dNYksi8RAujH9Lu1S0boMFcd22

  Score

  10^/10

  amadeyredlineformarumfadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1