Extracted

Extracted

Extracted

• • Target

    28e7cabb3f8c76a55bfde5f69851ace4.exe

  • Size

    1.0MB

  • MD5

    28e7cabb3f8c76a55bfde5f69851ace4

  • SHA1

    33e64d9d31d9936237ce1a19c816d7d219144dc9

  • SHA256

    2f6162010919f28839f23e72ce83c712e35afb63606d1ebcfeae8d5c3bf8751c

  • SHA512

    3e432ecc30b6665aa6c9e6d71381490f610a8efeb9d659cf0ed9428106ef4fbd0d1fd3bf8119ec9759cbdf40bd802c91e1ea7c5d26cafe7610c0d4fd75d17727

  • SSDEEP

    24576:cyfbFocb2YOVQgFmkAPWA9ixdHDIEp2HIfqe97qkv:LP6J9fYWA4xFIE2Hmw

  Score

  10^/10

  amadeyredlinegenavintdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2