Extracted

Extracted

Extracted

• • Target

    b74e79b87d1585495454a50d14f5030658d1d05842e695f26220b31f56fd1ac3

  • Size

    986KB

  • MD5

    1c8c5a8a381729d982b69e205fd73d17

  • SHA1

    36d1243e12fb142ac99ba99897ae72c1fdb110b2

  • SHA256

    b74e79b87d1585495454a50d14f5030658d1d05842e695f26220b31f56fd1ac3

  • SHA512

    f8d8127c77c8654c42bc3fcf1280dcb8d855f4b4cb043961d74ddfbf4802292112c1fbcd98519694612abb706e098496332d1a1a6cad36b4e8b3f87658a22c79

  • SSDEEP

    24576:yyk5LLqLpyZtYCLcUIH+B6AqMhw0tSsF:ZCLLqcwmBw0Ss

  Score

  10^/10

  amadeyredlinefoksarostodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1