Extracted

Extracted

Extracted

• • Target

    ed25f6cc36836a83c0031c16fd1d5569.exe

  • Size

    1.3MB

  • MD5

    ed25f6cc36836a83c0031c16fd1d5569

  • SHA1

    9a343973a3ba67b72d2dd2bf26f46d58bd2fa069

  • SHA256

    3fcbce9b8b29a899a766e1aa62e8abf3e9f6cc0f03bb0f3b188bbb5777fcd0ee

  • SHA512

    85a9433f8808320f43e66c33661b9cc5c92350f836e3711ee2a8f78ed62a4d5aa7f0ed981b6312c69aac8d92b17dd7cea43f005f0661ed22851fd49db523bc6e

  • SSDEEP

    24576:lnzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:5C/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61

  Score

  10^/10

  amadeyredlinedownmaxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2