Extracted

Extracted

Extracted

• • Target

    f5492240112f50d588ed93f4797930837d6c774b33a7ab5c563728ac37a2df5a

  • Size

    854KB

  • MD5

    ac2e52755676fd90b61499408a1fafc8

  • SHA1

    fde4329cef1bfb4ce7ba45fc4216174cdd54f76f

  • SHA256

    f5492240112f50d588ed93f4797930837d6c774b33a7ab5c563728ac37a2df5a

  • SHA512

    efc155ef83cf7746cf01beb8436cb87fc6408deda631aec9cc5bcb09732c9b863345d270de254f48d2c55600c39aaa82df727105e1256d946fd57fe7610f2abd

  • SSDEEP

    12288:5MrOy90XcL+KncHPfZ9aYmnicdJWCpnsKKW4eQU7A3HCSfwJCvLVEH9RWKtDondo:HyCwtihhmnicdDpns5wICuwE6dR7Deu

  Score

  10^/10

  amadeyredlinedizaladadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1