Extracted

Extracted

• • Target

    14aa9d7478eda5688be3be05e92f307ef641d06f363e0374399c1b60725e72dc

  • Size

    939KB

  • MD5

    1e32066034d56a4c00acde1f922148de

  • SHA1

    b73d53882757d8663453fdc5b16a9890b99c84e1

  • SHA256

    14aa9d7478eda5688be3be05e92f307ef641d06f363e0374399c1b60725e72dc

  • SHA512

    9d3b23e4d84c63c8176b084d865ac690d405900ae82e653aebc8f3458c677dd7604239ddeaf98e5c0b2f2148ff6a1be7c4e238ccd45ed21d5d9d0e7f73261109

  • SSDEEP

    24576:5y3FP3SO/yslmLb6YIfIDL3t9iKIxHTGsS1FVd:s3FPig/mLb6Va0ZTNS1F

  Score

  10^/10

  amadeyredlinerosnzimadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1