Extracted

Extracted

Extracted

• • Target

    f5dfec931e19e6738eaa2445958ccf9a.exe

  • Size

    1.0MB

  • MD5

    f5dfec931e19e6738eaa2445958ccf9a

  • SHA1

    e6cf70f7b43f4fdf5beb10eacf015df92567e6e4

  • SHA256

    8a7d599d3de64901276d2d1cc58da339185637929661f4aaa44171905ddaf1c2

  • SHA512

    b61281eaee6e4027c98fcf9c0f77a959282cb658529ff7e520ec91f3203e0ab6a97550b48a82929aa00e55caf29b1c2ebb7c60cb1ac6dcf1c02291ce944895f1

  • SSDEEP

    24576:IyWnTINN9cJM2QcGEM06FtaJ/Smc4kEAf7RCKypj+XMQoc8:PW0cLlLMOSmWRf7R6eMS

  Score

  10^/10

  amadeyredlinerentarosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2