Extracted

Extracted

Extracted

• • Target

    e8fcd3f4c6112924e9f1d66ef1935419.exe

  • Size

    1.0MB

  • MD5

    e8fcd3f4c6112924e9f1d66ef1935419

  • SHA1

    9fa55b3d56cd4de75a2573fed7b2c5bbbfef7608

  • SHA256

    54e35ed1cf612cd929642c9fa1bee248c16d7b705b2e3f105008ab6ffe74ad51

  • SHA512

    e4857fe913d2afd56d2e572afbb77af0de9da4d8da555b670adad5d0cd44649dc8c795e0055d483318de3a59b759d4362640515de9aa33f74f87d14ad012c590

  • SSDEEP

    12288:4MrEy90BRgvjnSs2/YO7E2fKT2G6HiAu+hTx2HlNooHAW5SnyQJsO4NkkYDn3lZ9:syqR02/8T2GiN928h1JsJ+DEIcFdup

  Score

  10^/10

  amadeyredlinerentarosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2