Extracted

Extracted

Extracted

• • Target

    4a218018c41eab9aef131738b13b73f14e2facb7fc3c9076174b18e4405a383c.bin

  • Size

    1.2MB

  • MD5

    77f22c7da49238251f7bf4978f70a631

  • SHA1

    b242df204fc66f9ca58676561a0170a37523dad8

  • SHA256

    4a218018c41eab9aef131738b13b73f14e2facb7fc3c9076174b18e4405a383c

  • SHA512

    6c1addaecb7b4e808501f29f36a4ec1471d31d4d227659bc446df16e16bd902bd44ae28e857f5e54977db73a5da1d346bf31d50535ecd4195c9580a81c722a66

  • SSDEEP

    24576:oyyU4SV+AFJXserkayMJqFIrXuzXvxeTs7Oke6kieb3DTV:vSS19seNyMJ0eXkpVzkrbTT

  Score

  10^/10

  amadeyredlinegenalifediscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2