Extracted

Extracted

• • Target

    c6c607170e8e30ac04fbe76569ccc8f136db67d05e570ecb59b5f1590f11c8ec

  • Size

    940KB

  • MD5

    1d695d4e3c2e6a374126f09d92473ef0

  • SHA1

    3a9183aa37702d308f1030bed6aba9cdfd49cd27

  • SHA256

    c6c607170e8e30ac04fbe76569ccc8f136db67d05e570ecb59b5f1590f11c8ec

  • SHA512

    e33ae12f28010db0b9d6a73b7f07b13bd1011ad29f936e85fab1eb422a5ed69860b4ec57b1f81111e5b946c7d98af21d362b85d365ee472e2d0b23c4fd2d49f6

  • SSDEEP

    12288:TMrHy90jAzuuwXB05S8NfIeC2kCNu9kol5qHYRdXB+g4w4Qc46H/+qhIjz5WZe1M:Uyo3X6FtIea/97l5q4LXgzQP6HG4Ob2

  Score

  10^/10

  amadeyredlinediroladadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1