Extracted

Extracted

Extracted

• • Target

    2cead47080339a4cc23f02109c577179866f3401900bf72c8f877177ba9ba29f

  • Size

    1.0MB

  • MD5

    8518c3a296e03f87907f1c1aabbad258

  • SHA1

    d20d97c7cc0393998da224b3d7e8db2777bc7343

  • SHA256

    2cead47080339a4cc23f02109c577179866f3401900bf72c8f877177ba9ba29f

  • SHA512

    11a003735dd4d295ca5b60e44715a7c2a2b9f8e1edbd0b7563d4b02f350e8228a6c023461199c97b52d350b31241d7dd9856303aae02ba128fa11b0b3f72cd08

  • SSDEEP

    24576:+y9Wgq1YGXtGr8l+MzmmiUjfvDdKnAP3hEA3UjQ9QdKBmT9rKo9e/ir:N9XEYow84MEMBKn4ajpdKBS0/i

  Score

  10^/10

  amadeyredlinefortsonydiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1