Extracted

Extracted

• • Target

    925ec082e66fc7effcd2801c02fc45be.exe

  • Size

    652KB

  • MD5

    925ec082e66fc7effcd2801c02fc45be

  • SHA1

    a571c246189b66ba1c73cffe86abdba6a9a1931b

  • SHA256

    073cfa9c393ec523939794ed92996a25d4693a936db98eefa17744a44946eb70

  • SHA512

    cc3d1c7c9181d738c8e9581aca06d58867de7584e76375a83f25ad7bd456303229373d757e0aa1d1068c5e97f83d1ebdcc3486e88072801658da4abd01cbbfaf

  • SSDEEP

    12288:75j3JR3BozEWIinsj8bTpSR3ok6CeYM500olt4iztJ5H:75jDB4minsj2U6kQYMEkiD5H

  Score

  10^/10

  amadeyredlinegarrydiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2