Extracted

Extracted

Extracted

• • Target

    d38ab4ece01b9753b74d7450994bcb7358bbef707296460454ee860bba5a29f2

  • Size

    1.0MB

  • MD5

    03f50e9ab216d2efd45c933389b4d9de

  • SHA1

    172cd028deb7ca516b08151781a732af36a453ad

  • SHA256

    d38ab4ece01b9753b74d7450994bcb7358bbef707296460454ee860bba5a29f2

  • SHA512

    1ca3d27e8b2a5ed3c4a31bced30b1726e61f16e712bfa182b46611d58bea211597c5917c95a1fe447319a28b8fe76b1bba0e94e8b4f8ec0fff4ea3c8c75102ff

  • SSDEEP

    24576:59xoo7J5oONRY9TttU+I76MXwINTXkvvRno6O6atz+h:doo7JNRMM7GAgRVO6Yz+

  Score

  10^/10

  amadeyredlinemangositodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1