Extracted

Extracted

Extracted

• • Target

    c050da5a654800e6a07e09b3048063ea31746a48a26748a5bcfb4037b2fb6a14

  • Size

    1011KB

  • MD5

    8069eaea95244995de36a75c78bd2b24

  • SHA1

    2616b9dd7e561abe0a7cc7bd66ffe7e6e957b610

  • SHA256

    c050da5a654800e6a07e09b3048063ea31746a48a26748a5bcfb4037b2fb6a14

  • SHA512

    f56777359b3123d5c6073e2c1798e6d7a71b7ffc786464df5c59999279cc0ef850844d8322bbcc9cc67fe1b9e26a79f063f83390e1476218545cc78c060166ea

  • SSDEEP

    12288:+Mrry906vdU5TvUflNnxHm3GDZs23LOcQ9Ctfcm7BDZlIgiuOMNMxuNjDEEsi9h1:1yD7nGsbrQ9Ctkm1zI78Mxulpsi9h6m

  Score

  10^/10

  amadeyredlinedownroxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1