Extracted

Extracted

Extracted

• • Target

    f358c981527348e5bf0771f642fe4bf9538132bc30168b43eb3ecdaaa774c0d5

  • Size

    1.5MB

  • MD5

    c6b37e7d1c63586ed5b96bfeddba9c54

  • SHA1

    f2e9fae2903e745b70b2da6faa2019abc12f5635

  • SHA256

    f358c981527348e5bf0771f642fe4bf9538132bc30168b43eb3ecdaaa774c0d5

  • SHA512

    b2a7fd8df0ee8530cd189bfd2430c2b3f234d934eff464b76381b8153ffbb95aaab173d15adc1bf120d0cf022d3c30573b5710bc9589f5c4ec185024f3df23f5

  • SSDEEP

    24576:lyqDOQhjKysmmEiwX3rx4YG8k+lTCGO1DY24Htvd7GOPXIm5QSrIPV8fvq18anIj:AhsamGwX7+Y5k+lZqDYp2S0PiGCV

  Score

  10^/10

  amadeyredlineladamasidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1