Extracted

Extracted

Extracted

• • Target

    ac73bbeba3859919b64e5b15abd6f9ed331c16b0a7838b76d17e19de70a1c9b2

  • Size

    1004KB

  • MD5

    493dc410063eb5c91253301d41865093

  • SHA1

    1224f776a641a22ddbca3612ca75f3761d2b0eb4

  • SHA256

    ac73bbeba3859919b64e5b15abd6f9ed331c16b0a7838b76d17e19de70a1c9b2

  • SHA512

    3fc66e73e94902536922eee7892e079817397ef52a04b87f8091631847adfe70231afa734a0730ca021246fd1d390088d011fef5fdf938f73d74e3d349ee1adb

  • SSDEEP

    24576:CygK8aj+la3dQy4/xssPvgWCaGth5T+VqmJNEqpaggqsxiCJ:pgQj+lGQhjXgRaIhZ+UmzzrsxZ

  Score

  10^/10

  amadeyredlinerentarosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1