Extracted

Extracted

• • Target

    e9cc6b8f4f8744e2cbda52d3e5c892cde41f0ee9d4d64e2a946910a98567195b

  • Size

    465KB

  • MD5

    311a077876097d6720fb9b8913871926

  • SHA1

    e73ce4e13c640cf4159fa9f4bb9fc928ac5d8d60

  • SHA256

    e9cc6b8f4f8744e2cbda52d3e5c892cde41f0ee9d4d64e2a946910a98567195b

  • SHA512

    c3c48a9b5e72aa7dd9c6ea51aee71c9d28f0cef25186280cb8c65b261fba24933d4c213a5f02bf4354a66aec805efb91b2cc32d8cee7d2b0ae9b198e97e2c326

  • SSDEEP

    6144:5Fe2WskQALI6KzqjJLKLFCA0k4JzFZUDadKOCRTQoqz6:bxWskQ16UqjJaj74JRCDanCRTQoR

  Score

  10^/10

  amadeyredlinedezikdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1