Extracted

Extracted

Extracted

• • Target

    4099f343b3a81377413a014345ae3b962c36d80a58ade5bd2e1a9ffde277c8f4

  • Size

    1.2MB

  • MD5

    73ffed784595e20fa1a2325844b1558b

  • SHA1

    c8f20c58d02fa8247ea67568b2701f9dac7e022a

  • SHA256

    4099f343b3a81377413a014345ae3b962c36d80a58ade5bd2e1a9ffde277c8f4

  • SHA512

    31cbb321f16e577d0c42800a1234b1236613cad50bb5cdb5c8943bca7137e4f9b971c71086e1914b8dfd04d361ba1ca36e956d963ff835e65feac6b1c48b6f54

  • SSDEEP

    24576:e8cZSlf/nIdy4Ta/JYb6qdj3D/ytw8Emuac06l8+sj9H:e8cZSJ+ORYeYDqngTl8+c

  Score

  10^/10

  amadeyredlinelabamangodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1