Extracted

Extracted

• • Target

    16726f07a9f8b550290a1593d69a1f11ecdfa2c073ff4b6df9ebcc6fc216d207

  • Size

    390KB

  • MD5

    a9ec4ca453bd0a22e32ab2a3b730f8bc

  • SHA1

    d545af10fee3b8c58f24c321c597ae405a2973ef

  • SHA256

    16726f07a9f8b550290a1593d69a1f11ecdfa2c073ff4b6df9ebcc6fc216d207

  • SHA512

    bfe5f2918fb44b6264f32ea06232dbb174f5a428862c5b4a5f7fd69f38b1547047a61be76b62552dadcfb4a348bfb390fa5b8928e77018fa045ac6d3e7d41c68

  • SSDEEP

    6144:Kfy+bnr+6p0yN90QEiI71xVkWwnBN+kXqFaN/ePArFAJ4gfG2t:ZMray90MIVFG/ePArFW4g+o

  Score

  10^/10

  amadeyhealerredlineromadropperevasioninfostealerpersistencetrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1