Extracted

Extracted

• • Target

    a4fe1d2d05ed8c38dc841a082e270f68.exe

  • Size

    526KB

  • MD5

    a4fe1d2d05ed8c38dc841a082e270f68

  • SHA1

    61ab976decb913d2803669fb775079e86362c2ec

  • SHA256

    f1502e00c5e2c22d5e1394a5ccf1375f309da279544855419a713701accd9dee

  • SHA512

    729010fd15cecae59126747293a85598d20e534c6083a1b7828d23778277a395796d92b0cd201e2b6c61c3e66dc8943d35726a8d9c5df5be5cbe20912a524090

  • SSDEEP

    6144:IrMkpXPQO2LmBuOY5P3m88BtK3wx22DKmvbS89KEW8ssTLZcC/qWwRAxrvlR8NPC:GlPQE7Q2PBs/ZqKvxsTtwxAZvKGaO

  Score

  10^/10

  amadeyredlineandrediscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Healer an antivirus disabler dropper

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2