Extracted

Extracted

• • Target

    5c6df1db9e5808e1b35d86a50b890b8801d7d3e755ed90fb4d5cea1e69651843

  • Size

    800KB

  • MD5

    c9f7c78159b7582fad16be1eca6e85fc

  • SHA1

    ba09e377f323e26e32d7a08adc900551b309a201

  • SHA256

    5c6df1db9e5808e1b35d86a50b890b8801d7d3e755ed90fb4d5cea1e69651843

  • SHA512

    0d7c5b0f7b800ee5b72f3408f5cd836e6941a109d243b2c1c33269610e5a50a4ce2da911d608efb1001a9f46740db345490317603cd81393ddd33a8afb2d0056

  • SSDEEP

    12288:rMrYy90/+pm8OOSGi4WB4ZeLd3HTKhhVyotii2YWM1BpDp+hnK+NrHt0fK1kNkhj:7yeD8bix/3zKA0iZx0pGd+C1kNk9

  Score

  10^/10

  amadeyredlinerosnzimadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1