Extracted

Extracted

• • Target

    f17ede0f57c607e5cce6bfa5a89b30ae547ff2dd9732b338e23f49c5935487a8

  • Size

    1.2MB

  • MD5

    922b31538ca68987cf55a54d2d015333

  • SHA1

    ab053cf478a6d7ad373814ec3bb43845942a6482

  • SHA256

    f17ede0f57c607e5cce6bfa5a89b30ae547ff2dd9732b338e23f49c5935487a8

  • SHA512

    ac25634d74ce2ee6bf7232bd14335ce0288c785f3981937755b69ccd81b2dd12cd89a303859b651a90a313ac61d1e589b1bc60e69d0a2302170b3859abbb2cc5

  • SSDEEP

    24576:IyJ/Ncu6zxuC2sohcplXWPO8q1iIqgh7NvoGEm82h4BPyVV1BxTaR1d2:PZNW9qcrXWPnvWQS8JBcBxM

  Score

  10^/10

  amadeyredlinediroladadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1