Extracted

Extracted

Extracted

• • Target

    de6473d1f1daab91f89aefdcc53c3232b7f54ffc97986757be0f7541111f3bcf

  • Size

    1.5MB

  • MD5

    05d69b240149f893db377a9c6584964f

  • SHA1

    acb6382d515da14602e1bdaaee9871077f84afbe

  • SHA256

    de6473d1f1daab91f89aefdcc53c3232b7f54ffc97986757be0f7541111f3bcf

  • SHA512

    ca5c1217d7fdd7471ad5a792bbfa4086eb55990ef3dcfed549d89e5fa7980173bcdc92b7492a6ce0d13c5a363df90dd70437a54d787ed50a0382131fc7ba93e0

  • SSDEEP

    24576:QytcRTcjbmnmjNVLU+FovkhJylKD+tkrsqH1d8c34AJ4ROZIpQr6FfBqLhlL7:X4TOI8Hjo8hMlK6tw6c34YIOZ4B

  Score

  10^/10

  amadeyredlineladamasidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1