Extracted

Extracted

Extracted

• • Target

    02bc8292571ec75c91d498e0eb782dc8755e91bd2527e6e301e76fce3a65644c

  • Size

    1.0MB

  • MD5

    7b0da14f42946a8f180c20e697df948f

  • SHA1

    1cc2ee851067fa1c0e511bb82ccc6e44c031752d

  • SHA256

    02bc8292571ec75c91d498e0eb782dc8755e91bd2527e6e301e76fce3a65644c

  • SHA512

    23939a87d8b5ab401302ee264f9a6fe779b7b68e02bd4b3be5c785392097ae489e8a7dbc764ed83e7ac6d608fbef88d53a1d0ed2b70ce8203a1c95f7f64e6dac

  • SSDEEP

    24576:tyI5O4VF0dmhd57ALG1f+9Qv5yiKj5SoEATqhTBgqyewIl:IIAwFTFsD9G5yXSdATW4ew

  Score

  10^/10

  amadeyredlinenordrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1