Extracted

Extracted

Extracted

• • Target

    defc85abcad2e2f4eba38fc830b6eb2d01ebc408370189e36d754cb2b93c5ccb

  • Size

    787KB

  • MD5

    45e4520f0a812618bbcb19ac6daf8fb3

  • SHA1

    5f7b4b9b0c85d4e4ed640c75229f2b3ed3ecb218

  • SHA256

    defc85abcad2e2f4eba38fc830b6eb2d01ebc408370189e36d754cb2b93c5ccb

  • SHA512

    895eeebb9a802f70f0adbf4917200b1ed7eda1e4a398021771e61153404a50e80708be934d5c09a4eb6311438a6b92c4fa5996776cdc61f231f36617914d31dc

  • SSDEEP

    24576:7yF+UICOxQ6kMeniRqzA3iteYXfPqBpB:uFJICOC6kMt4Uue2nqL

  Score

  10^/10

  amadeyredlinejokerlanadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1