Extracted

Extracted

• • Target

    289850faca46dcbda2f230f19b177db3689a85b8a81b6255ed7df1d5b48008bf

  • Size

    941KB

  • MD5

    a6206bd8f798cc9cb2e5bb95f6b23e01

  • SHA1

    edc459ccb523e372ceec0a9372375b4ea8d04c0e

  • SHA256

    289850faca46dcbda2f230f19b177db3689a85b8a81b6255ed7df1d5b48008bf

  • SHA512

    ef4b3861e17ade1949ae46488bfd754a1711d961ed22c9863a44777f8c767e7ba96a67fa1feb3a17646a61a61f0d9d3490b304563417977d7df7905f7cd617eb

  • SSDEEP

    24576:+yrqWjldcw6he1r+FpXy4MgCvOnqq24DTH5Mgdf:Neoldcw6hzLypgsitHZ

  Score

  10^/10

  amadeyredlinediroladadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1