Extracted

Extracted

Extracted

• • Target

    16fdc2bf9fc0a6c61b0e3a7d35f8d036e03fcf265b4843e535062e3ff3f365e9

  • Size

    1.0MB

  • MD5

    ea17d5a0dda43bda78af0ccaf4e023aa

  • SHA1

    a7dab9d034eaf2945af1a339bd37142058a42b41

  • SHA256

    16fdc2bf9fc0a6c61b0e3a7d35f8d036e03fcf265b4843e535062e3ff3f365e9

  • SHA512

    d44c7fa6b12b664d78dca00a6f837ab7b2e112bddc7b5e78af9b1cae754ebccbb1886a1af69228bc044f5686172f06a55602e6a5f73245200fc7ab31851c3f8a

  • SSDEEP

    24576:lMbRJYQ7llq8IjPVOQpe1775ysdJw9ToAmMAo0Qvk:loYQ7SjPECK/5yQJwMMAo0y

  Score

  10^/10

  amadeyredlinemangovinadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1