Extracted

Extracted

Extracted

• • Target

    e0d30f3b6665d280dd38cc15059f8c9d558796b8ceb440c5d8bc5f01eb5ed7bd

  • Size

    1008KB

  • MD5

    4271ef689311c1a35f1dc99f8226f6c3

  • SHA1

    639e55fa47a321663b7168cbca4ea4a648a306a3

  • SHA256

    e0d30f3b6665d280dd38cc15059f8c9d558796b8ceb440c5d8bc5f01eb5ed7bd

  • SHA512

    637749a0ccb4aafeea995e3f80db350ae5dc92a66abd2bd5d44b04b25b4a8aa3c50958924530010ff81201fd8c1a5291b1afb680bf5c5e5acf3b105d0fcc0f5b

  • SSDEEP

    24576:4yQwg8APAha5Tjl7DBBpgLGY9HpEwzvwlAd7UYT:/QwhIXtR5BpgLbHpSle7U

  Score

  10^/10

  amadeyredlinenordrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1