Extracted

Extracted

• • Target

    a90a2c2190695d2f65b31341442f2531a47733798797767401369c0e736a020d

  • Size

    939KB

  • MD5

    67c3d7ff6a78210c29f8044d03f1cfb1

  • SHA1

    6d2ad325b053106e6077c50d6be3640d12b21211

  • SHA256

    a90a2c2190695d2f65b31341442f2531a47733798797767401369c0e736a020d

  • SHA512

    b9e350f93a5b2d37c265d725427378ed6259c88dfc0a49f1d4a58a9bc33f0793af7ad6d891327a4a59d34ec2da0ecff2c9ab030a6d56cfd10b587f5141e82352

  • SSDEEP

    24576:tyWBy78sN6HajFL2SxbXL4IzVf5wSvuvG3g:IWBy78/aj1nxbsI2rO3

  Score

  10^/10

  amadeyredlinerosnzimadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1