Extracted

Extracted

• • Target

    f862393a2401b750a0082b80fbaf6982.exe

  • Size

    490KB

  • MD5

    f862393a2401b750a0082b80fbaf6982

  • SHA1

    e9519809c352ed8460278d7e4f06c5774e38d64a

  • SHA256

    ada4e796f71690f7f8681bcfac62445e470e4987c530b8781daacf91d7a5017d

  • SHA512

    d427c7aa1c445107323f29e0c8e76e7f24963c5c97b305b419afa76b8ffd1dcecdbc815215814edf948ba08672f68e0b38b1893cbf205812845d2264d4a19787

  • SSDEEP

    12288:qMrty90VDN6wb0O+MN/rsnyXiIs1Uf/h39Kljd:jyoNf3lQL1arKld

  Score

  10^/10

  amadeyredlinelirotdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2