Extracted

Extracted

Extracted

• • Target

    2b4cfc7ac167376aab43763ddbf34fd5b8fa92ba513a573bdfb8e2356aaaad21

  • Size

    1.5MB

  • MD5

    a9bdfeb3c351778b067b3da08844b6de

  • SHA1

    5121107998b8624860e9e01ea03e55e5b1eb8c3c

  • SHA256

    2b4cfc7ac167376aab43763ddbf34fd5b8fa92ba513a573bdfb8e2356aaaad21

  • SHA512

    770dee2c67fc5d83170c3e446016ffc99f187abf4ea8c4ae4ce0eac61f719977e63f0af09f5911952c572f012ba8db77712a28ae6acf36bfa979889eb49f354a

  • SSDEEP

    49152:hLIxAlPxWf4AG0eDG5ypg4DeWTlbOU+g:ZxWf4AJR8pgY1TpOUn

  Score

  10^/10

  amadeyredlineladamasidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1