Extracted

Extracted

Extracted

• • Target

    4b19b0b195f918f90ce0fe97c4a77e685454bcab4a1bb96b797cc9d477ca348e

  • Size

    989KB

  • MD5

    3cdaeb609598f57f199730caa3dc71ad

  • SHA1

    77b5eb0bb03add9878262bdffb4e1e34f1e7cf12

  • SHA256

    4b19b0b195f918f90ce0fe97c4a77e685454bcab4a1bb96b797cc9d477ca348e

  • SHA512

    0d166350fed5e047620a1dcbd032050b1d8684f19e3897de7109b5ebfee9ce0854bafcef0b7b655c46773fc822431aea85d3a0b54b8c04a170ab8ff71aa21a15

  • SSDEEP

    24576:KyDI35rzBYdEzsd/9FvKttBZD8vfvtu42yMY98OrkoR:RDsYSavnFN3gOgo

  Score

  10^/10

  amadeyredlinelinorosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1