Extracted

Extracted

Extracted

Extracted

• • Target

    8f3160958d0b9943a0b476646f3949cd3fa79d0e7df7e199b5e345bac46604c0

  • Size

    1.0MB

  • MD5

    6516062fd0df8bab272ff494285673b6

  • SHA1

    c66e34b491f19439f88adb5eab99863032213e19

  • SHA256

    8f3160958d0b9943a0b476646f3949cd3fa79d0e7df7e199b5e345bac46604c0

  • SHA512

    7ed4c668ec56cf4542b603a624a94234bf10ef624c63512d7b661e2693558ffdfac2390cfe51e2199531f70a73b046e1c6e5d861088d12125ec5075534291846

  • SSDEEP

    24576:ByyjFuG4QzAKUhkkGVBrrYQPNWXI1Mu0KFvrQdf3zjY:0oFXhAjhkkGvPYQeIX0KFGj

  Score

  10^/10

  amadeyauroraredlinefortsonydiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

    stealeraurora

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1