Extracted

Extracted

• • Target

    1dcadf50a9ea6ac7131b3f1dfab1bd46273c0104cff14d32ab937503092bb5a0

  • Size

    466KB

  • MD5

    98668faaf1704a921aff4d062514cfda

  • SHA1

    f57387192792e70786be9e717c52a4247d980deb

  • SHA256

    1dcadf50a9ea6ac7131b3f1dfab1bd46273c0104cff14d32ab937503092bb5a0

  • SHA512

    6878558a648dd8f7d52b19e382900080a31af0da4ac25bab30ba80a678d2b2272a4317772d98a6aec5071b0471f758fad635207f4f1e974012c66703904892a1

  • SSDEEP

    12288:saIhnZ0Tp48WP2GOsqXfrBh/x9+4K6MyME/Ih9XwJ5skf:stZ2FtTR9dx9AryMVh9MB

  Score

  10^/10

  amadeyredlinedezikdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1