Extracted

Extracted

Extracted

• • Target

    44a8086ff42f1556e64ebb3c5719b1017991b59a9c2b5f7099bfb7876b671628

  • Size

    1.0MB

  • MD5

    18f17101a662f196f18b78d2a2b702c4

  • SHA1

    ab14a59e790f37b3d08f3aa490bdb3804d972e4a

  • SHA256

    44a8086ff42f1556e64ebb3c5719b1017991b59a9c2b5f7099bfb7876b671628

  • SHA512

    b540e2404ab11ccf2a9e4febf80c9f551e9b0675d3869cc3368fcd55df25c7ad4b1c2c07389d95a27ccf6bff67c605f5d2bec38f5611191329225bff147be447

  • SSDEEP

    24576:2ynprZOa8KfbqWRp3khchtrS4EIsQIkFryRx3WXEZ:Fpoa82khca4EIsQIkF+73W0

  Score

  10^/10

  amadeyredlinereivsonydiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1