Extracted

Extracted

Extracted

• • Target

    a5784cc791d700fdb449fc3085316c83db195c1c77254a01f89de75bdfc7fcd4

  • Size

    987KB

  • MD5

    61b08ba69bba1037b16655c1ec37d1af

  • SHA1

    91e6f80a41f4069fc3ac116931d489fd92d07b7a

  • SHA256

    a5784cc791d700fdb449fc3085316c83db195c1c77254a01f89de75bdfc7fcd4

  • SHA512

    69eb87fac25d0da4b73e01726c771c9fadd094c75c1414250f2d8252b58120c7204a2b822d41e3fc0e5141ed7f055554dbc866719b702d94502ab27c369bf167

  • SSDEEP

    24576:WyUkm7BXnYB44WK+rm0y6P1ZCIQfe333JWGEjF+j:lUkmtXC4vlq6Qfe3J0

  Score

  10^/10

  amadeyredlinefoksarostodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1