Extracted

Extracted

• • Target

    bc954ce73849d5a7a8ac45f79f43d7acc7e16e720362ac75097b2c5279a21434

  • Size

    450KB

  • MD5

    76fde3990b1c282450b11853fa92a272

  • SHA1

    4744103db396dcc131b508bfc8d23f30765bf499

  • SHA256

    bc954ce73849d5a7a8ac45f79f43d7acc7e16e720362ac75097b2c5279a21434

  • SHA512

    456df0da25c79bf27650f300e1c576ceced7e043b498007815ca63db844c507af36fca89f18ee6def23f859eb83a7aa3a1271f2ce7d2e60408b36af2b802ebb7

  • SSDEEP

    6144:1pqCfjcHwMbLU3dw4QHVa8GcVCZMh9jbMxCC7Nx9ipAEzmq4JerYh0K:1kAkBbQ3EHkpZ+9jbMMC7diiEZ4ArGP

  Score

  10^/10

  amadeyredlinewelldiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1