Extracted

Extracted

Extracted

• • Target

    6c42ec61c6ac7d9469c9e3aae75080ccc3215b47491a6993235fb1a449ab1a3d

  • Size

    784KB

  • MD5

    ddb4af9f226bab74e2f9e63a5c0d8433

  • SHA1

    e5e9f3ebfb82acaac02f8c60c93c7855a3b5a731

  • SHA256

    6c42ec61c6ac7d9469c9e3aae75080ccc3215b47491a6993235fb1a449ab1a3d

  • SHA512

    d0863636c5ed01cc25d6831fa9d423449d400475b37c78bbb063b08fe2a490b44bdd3c25a071322f865c444ea31f279911adee802c410e8838af8cefc1d78c7d

  • SSDEEP

    24576:Cy7Ub/WENaneXkeCoPRZa8PSeU0dV1m3Gs:paXJkMJZaKSeUuV1m3G

  Score

  10^/10

  amadeyredlinejokermanadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1