Extracted

Extracted

Extracted

• • Target

    103f5ad9885a921b3d9abd82a9c50771ecc6bbf0132da965db0fa64978057f78

  • Size

    1.1MB

  • MD5

    ab5a1ff8d2969ac560b10f0575513f2c

  • SHA1

    7e5c05684beca6d52b54c2c6392e6459efe514e6

  • SHA256

    103f5ad9885a921b3d9abd82a9c50771ecc6bbf0132da965db0fa64978057f78

  • SHA512

    626f84ef334a84d446bfd075371f00a213b6a7aaa4627778201894cc83c26297a6a595a819f72a75737253ba44ce452f56289d734fe588223440fb1485e1691e

  • SSDEEP

    24576:nmP7BbTymTVzxFnHDzCOiqZavIqFwFU9hOpyugGYfhO9C3PvWjZ:nmP7BnzVnjzCTqZ57Q48ugBO9C3PO

  Score

  10^/10

  amadeyredlinemangovinadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1