Extracted

Extracted

Extracted

• • Target

    a178be55edcc06519aad62bda8798f195bc41d5886a1eab287a7c0290331a561

  • Size

    1.5MB

  • MD5

    75e777048c88ba18957e5bb506e66a1d

  • SHA1

    55260b8de68bb8581d6b9cc0a36d97236cceb0b6

  • SHA256

    a178be55edcc06519aad62bda8798f195bc41d5886a1eab287a7c0290331a561

  • SHA512

    a83a51d5a426b71a1d1cc38e8b2f7927877df1003f2b7c3dbe8afdf27fafeb35d0684d059bcdf3b5258d02647c5aa9a36364486c1d019b23f4e874bf02523f59

  • SSDEEP

    49152:F7ac31iVRs4nF5DANZIkxb08T5xqGiJe:gc30V+4nnDANZrQM

  Score

  10^/10

  amadeyredlineladamaridiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1