Extracted

Extracted

Extracted

• • Target

    31ad45865369f8ff01ecdb472aa16892c76cd3414b437197e8a6820258a1c718

  • Size

    976KB

  • MD5

    3ba709fbf448cdc9f275c96c8ed5cabb

  • SHA1

    a4c0b8f7ff9bb6fdbafe2b5063785cfb0ac9dc90

  • SHA256

    31ad45865369f8ff01ecdb472aa16892c76cd3414b437197e8a6820258a1c718

  • SHA512

    e6fa9c5448c2987d23923d582ab99e2ae259c37e6d58e9cfabaade8668faf0a2a503a33d178139d10453f160e76f9bb93003d9e4e14ae8ae1cba7df0aaff1f85

  • SSDEEP

    24576:WyeEA71mO0UVf/L0VRYRWBlPYdIaQqcRbgVuK:leNQUVnLcYRWisqcR0

  Score

  10^/10

  amadeyredlinenordrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1