Extracted

Extracted

Extracted

• • Target

    71360da377d0f0b0826f2f520f2968ec7b0a930e9d36fa4653cba98133b2150e.bin

  • Size

    1.5MB

  • MD5

    1aec6e0584112c85be803269940c5dfb

  • SHA1

    c1cd619b940ee51611b2240a1f1cc81c1afe3442

  • SHA256

    71360da377d0f0b0826f2f520f2968ec7b0a930e9d36fa4653cba98133b2150e

  • SHA512

    a86d922afeb8a6a13f816090b9c4a184866a089989667a5e26c88f698eb752f46a245d1029d9fe7957aa3465581d950a8b80bd5f061df27cba4ef5e71a164cc5

  • SSDEEP

    24576:+y4atD3RSaIvKKOEYLBtgMv/9I9L1je3yx8shHTmbMDWsZUSAm8X76lM8sH2nO:NVtDsa81Y1t5nm9wixVhiUI5X76lMfW

  Score

  10^/10

  amadeyredlinelifediscoveryevasioninfostealerpersistencespywarestealertrojangena

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2