Extracted

Extracted

Extracted

• • Target

    fe24411c613c2dc2f6f80ba88bfe69d6f6ea35d91dc94ee4eb8eece69a2e5510

  • Size

    1.2MB

  • MD5

    7108a318e28b7c90dd18f0d1726bd41c

  • SHA1

    4a73b5f7595a301013f6f4170addf36f2fbfd8c3

  • SHA256

    fe24411c613c2dc2f6f80ba88bfe69d6f6ea35d91dc94ee4eb8eece69a2e5510

  • SHA512

    75d3a87a3c484dacd7ea3fa325a4371493c27c6b969785fc113435f3afa0eb31f3954fc06f6f487f7821fb3beba34f4b8dca3e5cac05336a3b9e05d738494a93

  • SSDEEP

    24576:BnLCqjLUI8q58upBK+vy+S2/Z8qqBrvDIV:BLNjLUd+bpBKqyc/GP

  Score

  10^/10

  amadeyredlinelabamangodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1