Extracted

Extracted

• • Target

    x6248447.exe

  • Size

    329KB

  • MD5

    7192009d57429252d72c2cb7ff9991bf

  • SHA1

    dfd4ee6f3bb8b680027fd283c650e8081225026c

  • SHA256

    d775c149e2a64915b10703f6492dbca77a6968099de62bea5f84c1b204b15f4c

  • SHA512

    752ded2d6fb868b729ab7e9ac3ea2d74880a5020c0e087862787063989c67cb8f11065f855bc4ecc69442fbe32038f2aab57922d1f2c78ad4fe7ef3442871cd7

  • SSDEEP

    6144:Kty+bnr+Gp0yN90QENTxGPNjgM+swy2EyEWjq+7oHsD+RHfpRK2rd5:XMray90jNGPXsJ9ESVia+0ed5

  Score

  10^/10

  amadeyhealerredlinefuroddiscoverydropperevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2