Extracted

Extracted

Extracted

• • Target

    70ea5f964daee7c1bfaeb0853777985865bbabc4e68d4bc12e40e588648a0423

  • Size

    735KB

  • MD5

    6d0e72258a7b010a12a30f9929db63dd

  • SHA1

    da9292e095ffa070b6a26511b99e27408fc9a664

  • SHA256

    70ea5f964daee7c1bfaeb0853777985865bbabc4e68d4bc12e40e588648a0423

  • SHA512

    60a305813629e6c58452ae04e65e524be90328e66c419602403bbbd9362db3d0e41989530417a65639fddc237a85ec913b34faff3f1dbb2c30dcaa7735e4aa86

  • SSDEEP

    12288:qMr9y90mSDHB5IPdh5H/xKYLhwxH3pnoDJY+HGhNwqnWA0Zjf0:Hy5q5IPdL4YGh3pSDKd0Bf0

  Score

  10^/10

  amadeyredlinededogregadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1