Extracted

Extracted

Extracted

• • Target

    7396e25e506ae67fb741308a4a23bb433842818ccb79980c022672104ba6e7d3

  • Size

    1.2MB

  • MD5

    d0032e5963e10cb42601038eb4a35a31

  • SHA1

    a048413f4fe9a7c8d7865cee455c36e8b42024b0

  • SHA256

    7396e25e506ae67fb741308a4a23bb433842818ccb79980c022672104ba6e7d3

  • SHA512

    1df2f589e21f9916a2bab904ea4b00df61cd18d23c810a576a40b696148be0111cff7f94b2befdd6dc032eebc08deac81e21b5dd0df31964d68c609cf1cc0b52

  • SSDEEP

    24576:OkcpCh/hx1VCKnXPGgP88lsB3UAQy2HrABIaJWQj+mFDT55+HnnL3H:OkcpCh71lPkB3UAZ2HUr4QjPRT54H

  Score

  10^/10

  amadeyredlinelabamangodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1