Extracted

Extracted

Extracted

• • Target

    17cc2d13d211c2bf2b1cc09bac6c47fd8d4ac8ae525c37db6c73eb7848f99feb

  • Size

    974KB

  • MD5

    4d811b9b2167e1af9d25cb454df763a9

  • SHA1

    568193e1990a3804a694f0e537faa074bded6d1c

  • SHA256

    17cc2d13d211c2bf2b1cc09bac6c47fd8d4ac8ae525c37db6c73eb7848f99feb

  • SHA512

    4ef4193103148eca564fb4717f9dd500f25317e559c94fa3d2312a363f6419ee34a26dc540e919d5f7f9a21242fff61a3c200e309386ce78433c74fd3c1d74ca

  • SSDEEP

    24576:2yaUFJFKK63hRJsu2xdI9eCIP7BL4Gn5odxogDYbo:FLJFKt/Jr2XI7YdLoP+b

  Score

  10^/10

  amadeyredlinenordrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1