Extracted

Extracted

Extracted

• • Target

    d285f202ad6a1c14c5bd3d20a1807c921dcc805d2421a4bf17a55c1a8671325b

  • Size

    989KB

  • MD5

    afa42a92ccc2105c3d4806f28ba3528d

  • SHA1

    92deb1efe2616d42545fbc069552f87cff53fc97

  • SHA256

    d285f202ad6a1c14c5bd3d20a1807c921dcc805d2421a4bf17a55c1a8671325b

  • SHA512

    93d9da5b63cc80dc2f7fb1987841b772cad1d3e1572c1351fc62642de0780d2e8d885e0e85ae564a8e6450adfc94daa0697ab1b6b0b53b43198d5b8c5e4d9b84

  • SSDEEP

    24576:4y+J0NhpPJCnQwHMsKYe7b01BiKzphPUuw9Ng6glm/H1Chv:/++pPJZie7byBLzpXEgjm/Vq

  Score

  10^/10

  amadeyredlinelinorosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1