Extracted

Extracted

Extracted

Extracted

• • Target

    73916c2486ce70d19ee7fee2d326fd55cf70294db8174fd0b1319987421c66c9

  • Size

    1002KB

  • MD5

    1ea8ceebf636d5065e6bb99adf51ad74

  • SHA1

    0fac60f028625629052102ed0502d32409106d8a

  • SHA256

    73916c2486ce70d19ee7fee2d326fd55cf70294db8174fd0b1319987421c66c9

  • SHA512

    3356ba51984c01b6eeca03fe083ce7dcef97914c4a5e47fbb974b76c15f910aba0412f248e4536e87a2fdce6696a34f506041bb8859aaf7026c6936cd2e63a51

  • SSDEEP

    24576:nyNDMot0NWeGW1xZJAMfuUhf4htDwR2TnOZAUmpFHRkL:y/WXAKcTrFHRk

  Score

  10^/10

  amadeyredlineliftredlinerosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1