Extracted

Extracted

Extracted

Extracted

• • Target

    75531bcd2c92c9ef3d34c1cfd40749827c2d6c4e85a2552e16b6302fb3bdd345.exe

  • Size

    988KB

  • MD5

    849376bde5159dad82b0d80a88f99c32

  • SHA1

    8631788c0494ed2161074c4e486ad4ec8aef0ffe

  • SHA256

    75531bcd2c92c9ef3d34c1cfd40749827c2d6c4e85a2552e16b6302fb3bdd345

  • SHA512

    a1f989b491feda99cb6375df48311022327c4a6bbf8f031932895888e2f58060366af0d61638a09993862f50e0f73f0df334e88ddda2fae15e31b2439a00e168

  • SSDEEP

    24576:nybUvbSj+I+tpTnB5rhpfnFPn+r6wlsrJpVG0M7k:yyby+IUJzXUr3arJrNY

  Score

  10^/10

  amadeyauroralaplasredlinelinorosnclipperdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

    stealeraurora

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2