Extracted

Extracted

Extracted

• • Target

    25d0dd649a54ce370965c64a6bfa1e22df3527dd168213093a9c84e82579e117

  • Size

    853KB

  • MD5

    364dfc1a0c1304cc61ccb4b66122e41e

  • SHA1

    fe119e81ddb692023fe687c0f0a974b1fc5d6142

  • SHA256

    25d0dd649a54ce370965c64a6bfa1e22df3527dd168213093a9c84e82579e117

  • SHA512

    45811d5d1b726ddb738e653b88ecffa6c6780e9ab37a61cc49968a1f19cc4bc3ca569883f16ee6ee8f4a90f64e038ff5b9865b39f4882a4f808c7330d187542f

  • SSDEEP

    12288:JMr0y90FpuZgm03n7WwB8oyKTCUhuMY/ctcFL8HFHgaYM4+yIS7KFnV8D7s43Xb:xyno7Ww9jT11Y/ctk4hrYMcIno7h3Xb

  Score

  10^/10

  amadeyredlinedizaladadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1