Extracted

Extracted

Extracted

• • Target

    6190febf7f6cc321dca484d0494d3fcb99cbd7b9e8ea0424f93f979bc231b771

  • Size

    1.4MB

  • MD5

    a6ee1c3e96e19600ad1f0954d5a6eb95

  • SHA1

    d6daae1ebd7920831e5c877da7207803ba4ec86f

  • SHA256

    6190febf7f6cc321dca484d0494d3fcb99cbd7b9e8ea0424f93f979bc231b771

  • SHA512

    b3654758d7bc84cd9e0d07d59f9fd76c5258045f3f607840a10f7fc4b76e7dce449c248b97444cdf9aaead280c4f86c1efe6ea6b3f70bd67f4771793da8d7957

  • SSDEEP

    24576:4yAXKBgF9EY+RWlvWmh0j+3p0ee03XhEg3rqdfQ0x7xGfUMgI:/Aai0t0lOmH6eeEEg3rGQS7xGfU

  Score

  10^/10

  amadeyredlineladamasidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1