Extracted

Extracted

Extracted

• • Target

    f7c4a5b390a8a6699d904c932e70882168b6e393d5781a0e5c7b184109b48690

  • Size

    735KB

  • MD5

    bb94afb432d4dcf8cae0869c08468721

  • SHA1

    0dbd2abb1f0887c4f97bd6921209acbab6870aa2

  • SHA256

    f7c4a5b390a8a6699d904c932e70882168b6e393d5781a0e5c7b184109b48690

  • SHA512

    6f99073c4d6563e069805c49d0440f4e4b15e1c5c0ba352c0c63c7de2caf1f5c9e398ae8297390992f29d24ba5765046b57ae80b81ab8bc346f85327208ce0d1

  • SSDEEP

    12288:uMrUy904S7CypHH9x+8ZaDgcMUj10CqFXBWwWCj+Fr75VkBTzWlAu:myGGypHb+8ZAAkwWCjWUV2Au

  Score

  10^/10

  amadeyredlinefomichstekdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1