Extracted

Extracted

• • Target

    9ffdb398307e43555099253d054e65735d7d2818c8bb1dc477246070087cbb02

  • Size

    1.1MB

  • MD5

    7b48765c5e16265fee5d33097e9becb7

  • SHA1

    a1de67b961e007efd1f597c1c98398592d144b6e

  • SHA256

    9ffdb398307e43555099253d054e65735d7d2818c8bb1dc477246070087cbb02

  • SHA512

    2aa380f92717cafca59917d8a8942b715448009449a6b7992a458109d3d7431f701748494b6648ac0fd52eed93a04992972b912f0f044b14ca199c4b10bbd5af

  • SSDEEP

    24576:cyMxTlJGRSR5riAZ1D9e9pcqIHqDqi+UTZXCc:LkT+IrBTI9p7IHix5Q

  Score

  10^/10

  amadeyhealerredlineladadropperevasioninfostealerpersistencetrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1