Extracted

Extracted

• • Target

    54c62cc8664e3f6ee757edcfbb54d78087573fc8e418fc3b1583e48de1de16ec

  • Size

    935KB

  • MD5

    c908006df917bc25975f2bd7a84be0b0

  • SHA1

    42c899d1ada2f88004f139a4571c0be5aabb5171

  • SHA256

    54c62cc8664e3f6ee757edcfbb54d78087573fc8e418fc3b1583e48de1de16ec

  • SHA512

    aee29510c3c4b5e793e833f81350697e756c1719c7c4ccb69545ebde6dcec4f5f56f7859742f9c3eda04b25ec3447f14611dc30942d7521afa49ad310fa58d43

  • SSDEEP

    12288:gMrqy90/Mg3tlrxV9RM27cJEdDhxVkNA/wEg4qvjROSwNuKsudtSMllNP/zNg9:ayiMg3BVRh8NnQqvjR7wNDnSMllNPZg

  Score

  10^/10

  amadeyredlinerosnzimadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1