Extracted

Extracted

Extracted

• • Target

    2210895262ec882142741115fb4aab618106b715eabd50448e9aaf3116fd079c

  • Size

    1021KB

  • MD5

    b2cb4638af0ccc1fc6ccc1ab6df33e85

  • SHA1

    786bd3fee5db5dd0f5366c4a0ad4a1e5fa68f899

  • SHA256

    2210895262ec882142741115fb4aab618106b715eabd50448e9aaf3116fd079c

  • SHA512

    8d4b480287c4876a66aeb01904f1fbf6a14643b194afc0059fbbfca2648d59d1178379f8b48e51cd10c3600cd6cefbde8e41d71ff2f4f7543f50d3d4f99eafc2

  • SSDEEP

    24576:+yiZ+VYCF40IOoht/9cQ0u3ZbSycGoDZx4:NgKChl9cQ0u3diGUx

  Score

  10^/10

  amadeyredlinedownlowndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1