Extracted

Extracted

Extracted

• • Target

    ef63aa1f88b9426b9784132ccb08b1d38d736dbbf5d5720d63da3a53486b2adb

  • Size

    980KB

  • MD5

    58b4d4e43301437f0e6cd7b2400c0606

  • SHA1

    c54cdfeb9457d65e1c9bf29a4f5fd4a3c0a2c570

  • SHA256

    ef63aa1f88b9426b9784132ccb08b1d38d736dbbf5d5720d63da3a53486b2adb

  • SHA512

    3f14fdfdb64f1fd438a9745abeff5298bbfec0d29e2a3de2f95cf56f32ca56b4a4a6b1db0a5ac8bc8c411d87533a9af920774037fb690d832a5bbc1d86112e47

  • SSDEEP

    24576:Sykii+FnyDH8C7t7a8qb/Qt5ateXq8SIJcpX:5kiHw8CIp+Rl

  Score

  10^/10

  amadeyredlinefoksarostodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1