Extracted

Extracted

• • Target

    a633d69bdf27acd9da0fe879980aca51c0bc0c549f93390e203179d8a7a16896

  • Size

    389KB

  • MD5

    9aa6f14b35f52bf4e6bd8974772a0574

  • SHA1

    693694cc9a501120a2edf154d83554ed871ab126

  • SHA256

    a633d69bdf27acd9da0fe879980aca51c0bc0c549f93390e203179d8a7a16896

  • SHA512

    3a05a099d64f3a5df326feb0959839b19a3ecf9258c46b887a04c58e27a0d6175bfa4c9c27db8b207274da472703055045f183cbef6486f85b089ee4aa5b1008

  • SSDEEP

    6144:KNy+bnr+Wp0yN90QEw7Dw2QL3poybzIlVlvVSEwhV+re21KGfEVOzK+3:rMrGy90nX3pgPvVb4124TVof

  Score

  10^/10

  amadeyhealerredlinezahardropperevasioninfostealerpersistencetrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1