Extracted

Extracted

Extracted

• • Target

    fe7a675442a39c530557a3d02ccfc3079aca86297a7beb28558ccdac5b74eca1

  • Size

    1.0MB

  • MD5

    491b08d37cdc27b1149109f590d07a09

  • SHA1

    16e1f69ba45fbc270bcd718f82141cdd0444304a

  • SHA256

    fe7a675442a39c530557a3d02ccfc3079aca86297a7beb28558ccdac5b74eca1

  • SHA512

    d57a2cc1a18b09edd94c363cabf7eb3bd5fb4525639a7c904fec9685836da4c4e75a0176c902ed4b85899a5e3532503f53e6dd43e8499318832701dd5ca9a3f4

  • SSDEEP

    24576:pEpyOrvFcO0dYLJ0hMn9kTYX0cs/hvB1c9+E:peyOiO0daJ04KYEE+

  Score

  10^/10

  amadeyredlinemangoritadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1