Extracted

Extracted

• • Target

    tmp

  • Size

    3.6MB

  • MD5

    c36d9435c54d17c24df75b7c45392d48

  • SHA1

    6ab995f01d27fe3712c7be12645451378d5d909d

  • SHA256

    758d84dcd08df8a8f0444a5f68d2a42667696bff98f91d6a4a08ceaedc80dba1

  • SHA512

    ba41dbe30bf69ce1ed350fb3b8c384e96e817aa3e6d6a8a2ea5c13fbe9063d917c36265d9b7cac1d6abf4d880c51d23a51c7af0c42dcf6e6e545bf870836661e

  • SSDEEP

    98304:ZboMp76iijaa8Rmi2MqYp+oKGdWB7TgI/XD:Zbo+7zEatRmi2MqYp+KdWBfgqD

  Score

  10^/10

  amadeyredlinesmokediscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2