Extracted

Extracted

Extracted

• • Target

    77338afd2ca3a88569985e27e72f4b78eaa641e5b8b2aff329b6a18b301999f8.bin

  • Size

    1.2MB

  • MD5

    f37fb72d2d064d9e72475a448c91df64

  • SHA1

    7daa40a97a8542614ff6b116aeffeb433485f0be

  • SHA256

    77338afd2ca3a88569985e27e72f4b78eaa641e5b8b2aff329b6a18b301999f8

  • SHA512

    63b2d97627786c5b838868dd95c87453bf0e1047537c13eeb56933a84cd1ca86974f11f33a01eec0f648cad02b08bd7f88b82f3ef61bbcd317dfdc383bd8f6b3

  • SSDEEP

    24576:XycH3ngSZHtm+MpT6AKJVz/X+sL5ohYjVonADQPTl:icXgqgRp0zvFo4OQGT

  Score

  10^/10

  amadeyredlinegenalifediscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2