Extracted

Extracted

Extracted

• • Target

    bf14f227414549b229b663bac5416c0fe0b92778789803c17cf5ea012b9d5713

  • Size

    988KB

  • MD5

    5d94a0fffea528779f0880ca67da7adf

  • SHA1

    30fb39c540cc41e4c2debe77816f6b9b3385cf72

  • SHA256

    bf14f227414549b229b663bac5416c0fe0b92778789803c17cf5ea012b9d5713

  • SHA512

    c248eea76532a92ba5c4dce495ce832cad3cc63d22408ff082250a7243fd9a25569ff1048a90052fe4f1f4ceab4efef8e280cbedb2c559cff4495b788821d07d

  • SSDEEP

    12288:RMrqy90auJAV4pnTWZyfODUSj9BMaz0G8lAJscoI4lr5ln8egfU+vU3lZ:zyEA0EJj4az0G8lAIF/8egfRvqlZ

  Score

  10^/10

  amadeyredlineliftrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1