Extracted

Extracted

Extracted

• • Target

    68f4fffa0655da67fe4314d3a0108fe1.bin

  • Size

    1.2MB

  • MD5

    68f4fffa0655da67fe4314d3a0108fe1

  • SHA1

    0be190df38f794040fad8a79af7990c8fd15789c

  • SHA256

    440ca6ae933fb42123ed2368c8d725c51752a31210492a1c731bebc5e1b9a900

  • SHA512

    ee1ef526b07db4b92d0d08f245cb1e1f0be4ae8fc840d0354e7aa5d6c377759671bb95ac86f74d7585c09b09339a6048d75c8b6bdf4fa34f15570ef25f00b3dc

  • SSDEEP

    24576:sykFF3Y25qn+8drBh3UAQf/AQGHhRAZc8sS+1anUJTZ4:b4oWq+Oh9miKVianUJTZ

  Score

  10^/10

  amadeyredlinegenalifediscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2