Extracted

Extracted

Extracted

• • Target

    e56c948109c9c5812c681365f80db8e9.exe

  • Size

    706KB

  • MD5

    e56c948109c9c5812c681365f80db8e9

  • SHA1

    8345c476b1b7f22860a01a65f5fdaca9acb373a8

  • SHA256

    73bb4d8a06bfd09efea5d6c0a9dae34cb796e61114589097e7ba7bace5cdb43d

  • SHA512

    a2682ea264ade51249f7fa1794cbf8f357ea81a1971dc63e9399b9ddb38a8759189b5829efb6a948bf65eabf44b59f148d90d555cbdc0caddcfb6ab36fed03d7

  • SSDEEP

    12288:2/cH/Q2PBskm/AeeyYOVWHBvllZUyEdN9TB7RHLbYEy/4gMQdQZ:2/cHBpm/FSHpBg7lL8Ey/u

  Score

  10^/10

  amadeyredline@rocketprosupport1narkodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Healer an antivirus disabler dropper

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2