Extracted

Extracted

Extracted

• • Target

    7f5fac8cb2bb9525318ed9cce9cae09d833e7916403b1fcaf9b1e49578c4a0d1

  • Size

    844KB

  • MD5

    17e782ef87fb204b47a5584ff5cb6e42

  • SHA1

    cd76dc550d34fdd7889cae3783a222525bb7ffc2

  • SHA256

    7f5fac8cb2bb9525318ed9cce9cae09d833e7916403b1fcaf9b1e49578c4a0d1

  • SHA512

    c5e50530a6a3badd9cde5c1d32153324070e25f3733f942fe3c3aed3d16102db66cc8b5caae472ccb6e7f8c214bbc0c8dc56e1b3e7b61dc40abc9752faf44150

  • SSDEEP

    24576:cylW+f6/DZ6VCSiearJ0nIiN087jjq6I:LC7Z6aep1P

  Score

  10^/10

  amadeyredlinenahuirosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1