Extracted

Extracted

Extracted

• • Target

    5039fac784305e1ffe60e2291e7055d58c0fc31165f583ff0b54318de41710fd

  • Size

    1.2MB

  • MD5

    d72c680323f61e31ec12eada3648f3dc

  • SHA1

    c4ebf02bdfc741cb7e4487c77d3afc3289261e95

  • SHA256

    5039fac784305e1ffe60e2291e7055d58c0fc31165f583ff0b54318de41710fd

  • SHA512

    c6dc0e92668a87638d298fbfe7903f9b6383ab3299649a2ace3bc0435981f7fbb6513068b4bbd66d77a3dd84109b3359457d2a57ca5a2203c7305ab226c42e64

  • SSDEEP

    24576:/pQsfGjoufGJCgl9KDJU4x3FZHlc0nQAI7Hu7ecHHMnnxPiH7S:/h+0ufGQgl9ybfH2qQ1LqHohiH

  Score

  10^/10

  amadeyredlinelabamangodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1