Extracted

Extracted

Extracted

• • Target

    8f657e1917045ee8e298632387b596aa371a2250393c133b01595fa32b499906

  • Size

    1.5MB

  • MD5

    8d99fef1f3956858ccffd8b7d4d6af9a

  • SHA1

    125e49342443cde5c2e01dfd4ed777e073cc16b5

  • SHA256

    8f657e1917045ee8e298632387b596aa371a2250393c133b01595fa32b499906

  • SHA512

    8d391834380a04442b70a562544c3d7c92a2d8b051350de9bc9d2a05d0c98a05979eae9bedd88af6506b6a8a5ee14b8539e6b6a9261776ea7b1f058047813152

  • SSDEEP

    49152:efnCw/lJUaBgy8pFN3RRkkw4SGj1XiF5:09JUfpbkR6NY

  Score

  10^/10

  amadeyredlineladamaxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1