Extracted

Extracted

• • Target

    79bba3f51275cfc62db401f08867fd12cf3f109e0b83ac985d1e3aae046865bc

  • Size

    922KB

  • MD5

    4a13fb97f4f6843941d0f4bb06451afd

  • SHA1

    0daae10d6c2df7eca301d90cc4fff2493e0900bb

  • SHA256

    79bba3f51275cfc62db401f08867fd12cf3f109e0b83ac985d1e3aae046865bc

  • SHA512

    4859025b45e9a16310a52a5c36d6930dcacd066e7a5377f722be2ba88e6dd2ace56c1dc6d1037b77fac00c584f43f120d328448ca2c479f5f866e6f499b20c02

  • SSDEEP

    24576:dyqfgZY0TccNG38V/MjIMcc1REhb6Fnq644UKQi:4tHw8V/YDGb6Fh44s

  Score

  10^/10

  redlinelupadiscoveryevasioninfostealerpersistencespywarestealertrojanamadey

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2