Extracted

• • Target

    920872b6c2b2f2c535729538c8359f8a8456399dbe6eec8cf52389e16c1458d3.exe

  • Size

    321KB

  • MD5

    198929adc74b1ba1e260c2b614e1ed80

  • SHA1

    2bc01b272b38257f357104ae6c2a7e70e59aabce

  • SHA256

    920872b6c2b2f2c535729538c8359f8a8456399dbe6eec8cf52389e16c1458d3

  • SHA512

    094e75cf694278231c479d556dd48d6cf19ba6dad4569cf701914fc3f671253881e20d787adad555820d05be3c922279befea23100f7718452d35d05239b4cff

  Score

  10^/10

  amadeycollectionspywarestealersuricatatrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • suricata: ET MALWARE Amadey CnC Check-In

    suricata: ET MALWARE Amadey CnC Check-In

    suricata

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection
  behavioral1behavioral2