Extracted

Extracted

• • Target

    2338fbe23be18aa48fa9994bc337050b9ea93c6056cd577985a4f539fbdef2fd

  • Size

    927KB

  • MD5

    782742ae6b3800a49bfac02f3b84829a

  • SHA1

    0c72935a2673e21b004108bee065f3c5d5ba6d35

  • SHA256

    2338fbe23be18aa48fa9994bc337050b9ea93c6056cd577985a4f539fbdef2fd

  • SHA512

    6015ec36626f8629ae462ece0e26c51493bc8baedc5cb2a9d0344ab6e40555422f626fa804798deba8bfc760f976d06a523dcf215ca6c5cae3f3c27f2f9a0328

  • SSDEEP

    24576:hyRP7s5/vyE6C4v05/j+ZxjiCZbOM3M4I:UOdyS4vaCvZb7

  Score

  10^/10

  amadeyredlinenahuirosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1