Extracted

Extracted

• • Target

    34bb3248586a101f0c464449e2b9743d29f77abca82490255e3766fe5f1333da

  • Size

    789KB

  • MD5

    6205fad18a19b63bff5c5c09fa9e021c

  • SHA1

    e55d3218a740ec9e3e62817705bd788f21f6cb8b

  • SHA256

    34bb3248586a101f0c464449e2b9743d29f77abca82490255e3766fe5f1333da

  • SHA512

    a262da36353b45a45419ea636cb1666f339a41ab80542793f21d175342399efa5c9f836b559d135a9018cd91310f476f09ba3b5f465c3d664c525433268111c8

  • SSDEEP

    12288:gMrSy90WFTNc9CEgR5L/zJbb51R8Moqs+iRumtCH0hoKbN8Q+ykwDDQf/fQT:iyhFcELh2qsTuTioKp88tk3oT

  Score

  10^/10

  amadeyredlinenahuirosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1