Extracted

Extracted

• • Target

    389a506f40730ae285d64923f6f17d7156394e8686f439e129fcc2804601b6b9

  • Size

    790KB

  • MD5

    da37f186b3d62af126f8b988eef511bf

  • SHA1

    06892698c152f320e9f2be51aefd4434da9144d7

  • SHA256

    389a506f40730ae285d64923f6f17d7156394e8686f439e129fcc2804601b6b9

  • SHA512

    52317b50a337110a2039a913db3feb42ea400579be89b974b08f8ca684913b0efd48f5e99c1642f23c8a9d2a20eebe3a0c960e3fad441c20979d193eca136a93

  • SSDEEP

    12288:3MrPy90uwIE/4FfchZJYTRpxvg+ifEmgLUt41dOY5b5vCABY85Vsa/WJ:wySF61bx49ElQ41d55Z+9yWJ

  Score

  10^/10

  amadeyredlinenahuirosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1