Extracted

Extracted

Extracted

Extracted

• • Target

    9565bcdc6130f22e329773ec2e9a6b2045433ee79b43df387763bc0f81124eb2

  • Size

    1018KB

  • MD5

    e6c36c04d3df6db69d2c3a2f223133ce

  • SHA1

    f5f1a7b2092497e5f8159a8b1233a88273a375d7

  • SHA256

    9565bcdc6130f22e329773ec2e9a6b2045433ee79b43df387763bc0f81124eb2

  • SHA512

    1650814e1c2c6bbb26c976cae6cf40bdee7cb5dcb16f419cbc2d8cbae77b44a5825d6b99ba94fe3191bb2221ce40823c6d81140d692ea9b579b94aed589f7f8d

  • SSDEEP

    12288:BMrLy9054K3BGIjKqplqxTv2ugTMUoK4nw0E3kpVnJa6TKN/+dBmRzoK8JOkOYRX:6y6eqjkubhoKSw0ZpzmN/6gEukOYRKa

  Score

  10^/10

  amadeyredlinegenavintdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1