Extracted

Extracted

Extracted

• • Target

    10b2ac8a8287f4420ea91690872e1a481578c52375dfd152f214e35c99c3728b

  • Size

    1008KB

  • MD5

    8bd51c660f67093086d2ddc8b56a64c3

  • SHA1

    59209ee7fce746e35fecae4f50fd3c1a204d2c77

  • SHA256

    10b2ac8a8287f4420ea91690872e1a481578c52375dfd152f214e35c99c3728b

  • SHA512

    551649416e9e465fa5edbe1fa2c52b9e55e2b2e708f282d6a30ab0f965da7262b7843f2c159eb6fdf62f7d31dda1e93508889a55a80bf747c021fcb7cfc33608

  • SSDEEP

    12288:sMrzy90MsBwwTAI0BE8k/mRBgVlYtR5tJ4lxfUnAkNGRKInGhfdhE/wiCxxDgJoZ:HyVnex/mkC5QxXRFnGhDSwig8o4uL

  Score

  10^/10

  amadeyredlinenordrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1