Extracted

Extracted

Extracted

• • Target

    36c212f2cda6dd81c6b09ee9192086b8f52a8f71ae6ea186642d41dddf7add42

  • Size

    844KB

  • MD5

    4905d08fccf6e8ac49c5b354021b0233

  • SHA1

    f7767f8e15657a9c7a08b347177d7614e3f8c58a

  • SHA256

    36c212f2cda6dd81c6b09ee9192086b8f52a8f71ae6ea186642d41dddf7add42

  • SHA512

    3c78a63b5fa53f4904ef7afdf713c2ca60b6c74f821d3c655bbd1ec496c00aa549197b6f1b6aeb941309b5a7447e101ccaf5602fc95c3296efdf719a982dccd7

  • SSDEEP

    12288:3MrLy90qcOTz4sJ898aWSwm/rbCfno3hvvez1Pu7b5zjKpWqbMZ4V:wyDz4XxW1mr9xvvepPu7Vj6MOV

  Score

  10^/10

  amadeyredlinenahuirosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1