Extracted

Extracted

Extracted

• • Target

    0f375a7a9ce798a30569ae7ddde32327f28e6acadcad4b239179c57d9038370a

  • Size

    1.5MB

  • MD5

    14663f0632d5e6a6d03a45e53398172b

  • SHA1

    89829aaf54db0b2e05c87173eb54a010c2bf1e89

  • SHA256

    0f375a7a9ce798a30569ae7ddde32327f28e6acadcad4b239179c57d9038370a

  • SHA512

    06ac7a9ce61e1016710adffed9f7227452eb9cde75fb0a94e4f1ba69ad19165e4310ae25688dd9579f9585c4bbe5f3e992a2e022c8d094551d3c0a8e37d8b14f

  • SSDEEP

    24576:vyPxLMtmBkMh3jh9Jizmmwl3ZfvOsnI/VeYZLzkRkJ8oRlSgOid/udznQuik2JJz:6PxL52CViyFZfvOsWdzSHo6gOymd5di

  Score

  10^/10

  amadeyredlineladamasidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1