Extracted

Extracted

• • Target

    01b4a773cf17ba0f4de3a6bdcee514f1cb16e8a2ee11b8484398befa07b6bf02

  • Size

    939KB

  • MD5

    6d971fe860ff78f6ac65acf8e57d3d90

  • SHA1

    0c78a505367298ee493086fbad91b54967e170b8

  • SHA256

    01b4a773cf17ba0f4de3a6bdcee514f1cb16e8a2ee11b8484398befa07b6bf02

  • SHA512

    27acf9b25d3536c814640339631336f8ad187cd93e062816fa5eedd36f3940755a7f5cd428245d3ad3719cc9fb27d5d16597f6d0548b1aad22a94134ccb075f0

  • SSDEEP

    24576:SyEx/kmjMP2UVX8dHnPmsaIJP7cMV8D3MS5EoF5+:5YkRP2UVunPmlMVi9EO

  Score

  10^/10

  amadeyredlinerosnzimadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1