Extracted

Extracted

Extracted

• • Target

    31c755fb455344bff6dbb1f637820f241333b500e9d9b250fd88fb7db1cba3b1

  • Size

    854KB

  • MD5

    0bd147d69bb4867249e6c369147983e3

  • SHA1

    5e09e22bec22141fecf91ca045156edbd3e80c74

  • SHA256

    31c755fb455344bff6dbb1f637820f241333b500e9d9b250fd88fb7db1cba3b1

  • SHA512

    cece9baa5c455f6357139e7e2fca5887afaddccc078ce117b2a8df5f107065e2518ce0d9b92a8a6054ec975604228accbaf1dc1492705df14553b1ce7f341a6a

  • SSDEEP

    12288:6Mrqy90DXwZOxq1OoaFU36Z4jnpnsd0Wfej0nANHs4isET156kHmTGy5M:sy+w8xsOvFTZ47pnsyo+s4S+1J5M

  Score

  10^/10

  amadeyredlinedizaladadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1