Extracted

Extracted

• • Target

    1234859bda85956e8296fe01b8830ccfdf0f79d0d09f3153ddea4dba10f4292d

  • Size

    800KB

  • MD5

    c8023d545aa711159769b6556cc79663

  • SHA1

    f769925cf7b6bb0b17781ff6709fe366374c3c0d

  • SHA256

    1234859bda85956e8296fe01b8830ccfdf0f79d0d09f3153ddea4dba10f4292d

  • SHA512

    7fa0abe523f33ed95ffcf78a5fc9509af85aeaca704f79258189e546af026f38e4454196ac57822421cfcf3f110795203f88ae0b1c5cc10fcbea08e003198d98

  • SSDEEP

    12288:AMrmy90hsS2w+GZhsmq7dy8nkGSdbNf9/xK7Cg27O1moCIfnF5W9PZdM77mUzzd3:WyusSVhfIdyGSbNfZxfZIPFE9RdMh9

  Score

  10^/10

  amadeyredlinerosnzimadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1