Extracted

• • Target

    5029188d8e87c44a5ceb87a49fe133b9481e04894197cb1e308d1269871c84d4.bin

  • Size

    941KB

  • MD5

    057bb0a912ca5100b3832a955e79518b

  • SHA1

    6a43ef1621215b9b26aa86db3f5877bebf7cf7d7

  • SHA256

    5029188d8e87c44a5ceb87a49fe133b9481e04894197cb1e308d1269871c84d4

  • SHA512

    93f6dd51a751851d1038127be11a6ed2b2f16116a904cd3f5c1cbf50d318b24c97205cbfdda0000156dfd6b64589eb08ec84d8581cd8b6cb2429a3e92514e619

  • SSDEEP

    12288:Ry90JBURIyoSLa4uSlkZi+xRDAwLiwewhZNZVp3H1arIHoVCaWNxFi13bQKAA+gh:RyOURGuLuOV1abPl0wzRxFi13bQP6h

  Score

  10^/10

  amadeyevasionpersistencetrojanredlineinfostealerstealer

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2