Extracted

Extracted

Extracted

• • Target

    0e0bf8dd64d1b0807c184bacf63027970cb28343a6af5d5e7e1935a15adba690

  • Size

    1.0MB

  • MD5

    a39694b12f0efb475505941db9e53ae3

  • SHA1

    968d5144eb5b20e6f047f65589f30a8fbb0db647

  • SHA256

    0e0bf8dd64d1b0807c184bacf63027970cb28343a6af5d5e7e1935a15adba690

  • SHA512

    92778f5f852f2c5a4a5df081370fc14a56733c073998cc26db07216c4937ac2771460ed286fa70f9364f0c5b4d35f0e7873cc86ae073a238c63d104e15cab1b1

  • SSDEEP

    12288:eMr5y90WQkbuyN0vTTgGv/4NlKD918LP8O+0EqSnmWl5DfaLrLxXeXWka8ZaFEVZ:PyH7gTgG28X8LPtFSVOvtXeGmZaFEHf

  Score

  10^/10

  amadeyredlineliftrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1