Extracted

Extracted

Extracted

• • Target

    aacd046f642872a7af1b1552c4afd21d7db9786b705760ac40dc414d147820ee

  • Size

    988KB

  • MD5

    fc64966a2f038c28490b993ab205573a

  • SHA1

    6b0af4eabeaf5882c24790550072a9b6a448087d

  • SHA256

    aacd046f642872a7af1b1552c4afd21d7db9786b705760ac40dc414d147820ee

  • SHA512

    6e212a59ffc2272eca8a66887347b0f4130002a1e36188ed71af00a7b2ca8eed3c4d4dbe56992c13316a3ddf72a637583ae2bc394944b0982242da03afd56637

  • SSDEEP

    12288:UMrFy909YC6hwf9N3+JjGywHVFfCW6zaO5BxZRFIoOLBdmXUNOnJ33poBfx75XRH:5yuN9N3OwiznBDRFg6ksp3Y8LS

  Score

  10^/10

  amadeyredlinefoksarostodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1