Extracted

Extracted

Extracted

• • Target

    c02017fe835cdafea71fc2da1c013df8d2dfab5301305af255ec8bdf96b71bef

  • Size

    895KB

  • MD5

    8fd665b65ef7b0d039ea53fa622f0760

  • SHA1

    b0a4d073e8d5e1c87217a3ff885ea9def4b22ae0

  • SHA256

    c02017fe835cdafea71fc2da1c013df8d2dfab5301305af255ec8bdf96b71bef

  • SHA512

    f31734bb7411fbb52c5c598e19257f18fab6fd1f7a19805ae7ad54709471e684384c773ee225567a0cb2854877a468bb05e436fffb784ea1a46e639a7f7ee378

  • SSDEEP

    24576:ayYbfFWq2Ni9DgyRIUIDmOvZhsknlcwCVjCHMj:hEfsq2NoUWICCZ/nlz68M

  Score

  10^/10

  amadeyredlinedizaladadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1