Extracted

Extracted

Extracted

• • Target

    SecuriteInfo.com.Trojan.Win32.Crypt.23193.102.exe

  • Size

    1.0MB

  • MD5

    96986c0b7f635edc7d8b48990a899371

  • SHA1

    9d4e048f146462c5d4c4eeee94e9895a15bcfc6b

  • SHA256

    f99625399f18a85c7335ed262a8ba1bef605b93782245c64d670dac25855f90f

  • SHA512

    a34b41770ba4f27c007f541285ba51ebf90ed9af659f582c97d7567673ff681df13110b1b73634a031c14422a85287e3da46345647f5e910d8beca29e2fa2291

  • SSDEEP

    24576:EPKay4I7HW1XITQggn7pkwY5sCh8me5xZIBGZgj8J:EE7HYJn7p/ChaxeoZgj

  Score

  10^/10

  amadeyredlinegenarelondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2