Extracted

Extracted

Extracted

• • Target

    34c3fc4753ec264fa36387225bcfdaa4ad9698af9e103bf6b98376c94cf04172

  • Size

    1.5MB

  • MD5

    dcda856ef251e142cc97f9e36de21fe1

  • SHA1

    38a3548c2f49ef09a61ecc24bd5ff8d2c4bd5d8e

  • SHA256

    34c3fc4753ec264fa36387225bcfdaa4ad9698af9e103bf6b98376c94cf04172

  • SHA512

    b6e6c0875caadb2fbe0a37f02f03642821c53925c4696f1294f98e71d666d371f911b211652587d423920eaff561c339d70b57d8fe7e3a94f78a9b67dbdd7eab

  • SSDEEP

    24576:xywKq7ZHzZkR0bLBol+TpTuX2JYXbhY5whv+H8wim85N9or8ChnNcO2tkqvX7Wug:kw5ZzWR0bLFsSYXdsRcg8vurRNwkM7J

  Score

  10^/10

  amadeyredlineladamaxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1