Extracted

Extracted

Extracted

• • Target

    b92889aecdf21f815b53eff81e85bbe6.exe

  • Size

    844KB

  • MD5

    b92889aecdf21f815b53eff81e85bbe6

  • SHA1

    7fb57d1e62924b2c91d651425490e832d7a0501f

  • SHA256

    8362a776868bccdab9acbd824c9dec84a17c984b101b5992ac56dddedd59bd67

  • SHA512

    06644c6af5228d227fb4ae06209a636d6acd8e0bc6ffc844b368a837f37934804f9fd8f65ce9304d72767a81250979aa9ca5f0e11f41716073bfe3a152edb270

  • SSDEEP

    24576:UyTNSqQGmMj658IWt9CrFIxC0B3LE7+jHC9E4wCUs:jTUqQi658J9txXobLw

  Score

  10^/10

  amadeyredlinenahuirosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2