Extracted

Extracted

• • Target

    187c79698c8007750a9dd53bfb530bfb70d33ab99dc67671117d5711b29a3e0c

  • Size

    1.1MB

  • MD5

    f80b4f915aace5b0ede345bf227d2d96

  • SHA1

    4aeeb87b85a4daf1e08dab31ac9eac53913dd584

  • SHA256

    187c79698c8007750a9dd53bfb530bfb70d33ab99dc67671117d5711b29a3e0c

  • SHA512

    e74f8f746b53817e4a4fb4f2c1662f376a9bd79b1b2a5fb075279abe3204762fb1fbdb8abb05f6cfc3066dfe9a5bd83a59b3498ce2773b9596319d72a0c1eacc

  • SSDEEP

    24576:9yCFFpeejZyLTFjdDG85pA3sTRyHyuFEQUxv005tXe:Y0neewLhhDPE3DFEv

  Score

  10^/10

  amadeyredlinediroladadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1