Extracted

Extracted

Extracted

• • Target

    60e18d9c09c6824fe10203497d4d70f5d916352a6676228cc9f032fc5780996c.bin

  • Size

    1.5MB

  • MD5

    d8cfac3ab1853e8c5ccff554f7b762a5

  • SHA1

    1f1d76dd2e730f42f8bd1a8127507f55002d4bb6

  • SHA256

    60e18d9c09c6824fe10203497d4d70f5d916352a6676228cc9f032fc5780996c

  • SHA512

    528499106905d4d6858e5965e97b2aaa0b90da5cac55a3716cdb2f9279507fce6857bfc717063f14425cbbbc049d8ebe5fc240bfd252256274a80a97e67f5db3

  • SSDEEP

    24576:nyRRY9XwpFeAyv3hlZTEBrdjMgolZVeqAJ9DVPahC7clyGopw67cNmedeRinjg:yRRUApFeA6hXEJd4golm9yC7PEY

  Score

  10^/10

  amadeyredlinegenalifediscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2