Extracted

Extracted

Extracted

• • Target

    54115b22ccde1454c1fa9e595f5115b8e295e034424a5a56696c6b37a7116500

  • Size

    986KB

  • MD5

    e9e1566605d73c8c66fb678905bc33cd

  • SHA1

    963dbdf91917d28951f8b6cbf16c9747ebda1c5a

  • SHA256

    54115b22ccde1454c1fa9e595f5115b8e295e034424a5a56696c6b37a7116500

  • SHA512

    c76d9eb904c152accbeebda3d035aab635551f9d10c23f03141fa9322c07ebaf3a48e69139d90903b56255e90d5ce567eb06243cce88a8dfdce264ccef759fa0

  • SSDEEP

    24576:UyU2aUOpknPikbJrbAyKyfuF+c5wWu9NYwm:jU2apEHbjK/wWu/Y

  Score

  10^/10

  amadeyredlinefoksarostodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1