Extracted

Extracted

• • Target

    009fd97a5edf9a5000c4a8e4a0c2b5a601284da973645d96c34c5d25f26b4aa6

  • Size

    1.1MB

  • MD5

    baebe382ec81260576ea640a1eaab26f

  • SHA1

    9bf8cc1ea60453ebb99f4e8d91841df2e33f6530

  • SHA256

    009fd97a5edf9a5000c4a8e4a0c2b5a601284da973645d96c34c5d25f26b4aa6

  • SHA512

    3c0f868b131b952fc42bb5f819b9468e742ce420ae135ee7b8d75cef9d07073d931b70eee1ddabea1cd6f856a40f9c3247d93284efb6374c8328ed49e1acf5ed

  • SSDEEP

    24576:RylIgbQ2NkQs8cNgK7h0EU6j2zoEvdKc0i:EjL6xD7hJzyUEvdKp

  Score

  10^/10

  amadeyredlinedizaladadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1