Extracted

Extracted

• • Target

    86ccce71d1b4a78603a6d9f95db9a7ce85efb757309db3bbe8519391dd0bf57b

  • Size

    936KB

  • MD5

    6cd802ee715041d2eb0449c7556dae12

  • SHA1

    90d0e32a252a2839f47cf9d404b978de078dfc43

  • SHA256

    86ccce71d1b4a78603a6d9f95db9a7ce85efb757309db3bbe8519391dd0bf57b

  • SHA512

    0461c7e564a5dd948e43b99695c37506ec77e40bdc06e26c25c0e6d96612961577d7101ec1a66e2a836d5e9bf452eb1e007232154f9663fc244b5a2d1c260afc

  • SSDEEP

    12288:RMrBy90sfxCCv9hHUgMJAZhAWucX3RaEzOidQIuu8u6xbsJp2vygxa5Fgv2HfK8R:wyxfv9hUAXucnRaEzOilgD1+DDNPz

  Score

  10^/10

  amadeyredlinerosnzimadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1