Extracted

Extracted

Extracted

• • Target

    2000feec0d6724283f2bb9e68fd99b7b.exe

  • Size

    1.0MB

  • MD5

    2000feec0d6724283f2bb9e68fd99b7b

  • SHA1

    f7a16f90191517a2bebe4a88d247737415ec3d9f

  • SHA256

    d59416ce222f3595a77a552a602b73f99b2c4c2ea236b1a52164ae989ec57eb2

  • SHA512

    d9f19091dda387490c2b2412fa62b2b104e3df176e282da0e1a64a03ce1989e820c84357153dab85b4eface1c2c2e4901ab6604d85faa206d63ec6c7b438d71f

  • SSDEEP

    24576:PynKWyhE7uqjJcso13MaaVPsjjBm4LyWrHIOahp:aw27uqjjsMaaVUn1LP0

  Score

  10^/10

  amadeyredlinerentarosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2