Extracted

Extracted

Extracted

• • Target

    b36776c521aeee11c4282a132ad426017c2eebf6130e0af3aacf7b16981e25fc

  • Size

    1.4MB

  • MD5

    b8adbc1a0523ed53d82bfc31c40b2b08

  • SHA1

    2ea884f4c0eb4b23b74d65f7168e1aac66741959

  • SHA256

    b36776c521aeee11c4282a132ad426017c2eebf6130e0af3aacf7b16981e25fc

  • SHA512

    8c78df002df7fb30637797b8c195f9710c21a811a9399741381733cfc61b6cba710f7e98c0d7ee58ca75982e6ba90dd9a6698bbb1201ef9a915ec61dc2f5b518

  • SSDEEP

    24576:hyrMzDizMkq9kWr1uh3/CinGt7C41MuOmBhMRRYrKh+fD3FY:Uo/iAkWr1wa2Gt7CuMuO2MRRYbf

  Score

  10^/10

  amadeyredlinefubarouchdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1