Extracted

Extracted

Extracted

• • Target

    9b097671d029613bece051e7be8129b96f17f31b7ff060b644b8b3db52fbfb17

  • Size

    1.2MB

  • MD5

    1b494513683a612d1048ec8d63019473

  • SHA1

    75162b60935e9d01f1d67ed73531c822ca263843

  • SHA256

    9b097671d029613bece051e7be8129b96f17f31b7ff060b644b8b3db52fbfb17

  • SHA512

    9381d3a6ae5dced1009267032560bb7569bb585dc8af6aefa4d02b68986598d9acc06cee91f21146348030397093507d01857da3ffe0230ed65aa265fa6efdd1

  • SSDEEP

    24576:yqhBqkSN/ClM0meCtjUT+9jwvFV1Mb3A/fWA3AY9LZxsih7:yqjqRyvCtjvsvFV1z/fWc9n

  Score

  10^/10

  amadeyredlinegenarelondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1