Extracted

Extracted

Extracted

• • Target

    f9d5ea3181e897dc621b3a4c0f7b75d78ee19a12af6f1846c56361a1f6dee3d6

  • Size

    1009KB

  • MD5

    5a5362c70bfe05c6fe526bb369081918

  • SHA1

    fa56e2e715fd33618b81eaeeb1ad8bf0221127b8

  • SHA256

    f9d5ea3181e897dc621b3a4c0f7b75d78ee19a12af6f1846c56361a1f6dee3d6

  • SHA512

    7f76cb13558548ea17df66a131e9876766b950623f1097c1e6d2baec5d8afd68ee1165eac2b7dea9c40c21ea99ce3a0d7ad224b1897f0ae06d51570a6f0f707f

  • SSDEEP

    24576:gyHcVibZHQ1H+d8pnfWCig2sG1FBIjNMNUb:n8Vf1HOCeCiaG1F2jT

  Score

  10^/10

  amadeyredlinedownvolyadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1