Extracted

Extracted

Extracted

• • Target

    ec3e9038010340a7883586bec64eb439a20ab3571d2c80582d312d0d68dd3886

  • Size

    992KB

  • MD5

    c781077c078adcce9384fa1d5a483229

  • SHA1

    f0c7ea6e554bbc4338a563095eae1907917e46bc

  • SHA256

    ec3e9038010340a7883586bec64eb439a20ab3571d2c80582d312d0d68dd3886

  • SHA512

    27b202cd00d27e52d439ea01ad6f0a2ecd64aa403ffef787d431a02910766a06fe6c37240d5ffbfe30626390d43f8e2923984310eac50b3c8927e8b6d5894206

  • SSDEEP

    24576:0yIkjzBglsDljUIszSzmP/2bQj/AA93Y1KU292N6Gt:DIkHBUsRAHPebQj3Gcf2N5

  Score

  10^/10

  amadeyredlinelinkrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1