Extracted

Extracted

Extracted

• • Target

    4be29247d4ffa0e35d49b6fbf1ac13120261ca4a46289ce1bed1ac8d530dab81

  • Size

    1.2MB

  • MD5

    7d0ea58591e6920d0f36c68b94e9098a

  • SHA1

    0307e970e23c9847a57bda51cf3e9bfe0a7098d9

  • SHA256

    4be29247d4ffa0e35d49b6fbf1ac13120261ca4a46289ce1bed1ac8d530dab81

  • SHA512

    6d3e9a918242956fc864964631b33d7cc69439365da552317bcb6968d8e5fbc219742156d9943cce640f00787be34bfec0c9abfca29e155c123e6a189ea72ed6

  • SSDEEP

    24576:5F6srZaBvdwb0VkOx6Jgn9QZjZhF87xJDHvniWFtNcm5hZn47i2+hz:5F6zhdwb0ZkCn9+dhylBHvnLH3hZV

  Score

  10^/10

  amadeyredlinegenarelondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1