General

  • Target

    d327d690cc3406845ca31b5aef1a246ed66418dd841179f1f1551776bd8cc833

  • Size

    248KB

  • Sample

    221125-f1fsmsgh6z

  • MD5

    32d19986f373641d083394147032df89

  • SHA1

    df8d10f6eff9b10427257ffc997cbd206556fd47

  • SHA256

    d327d690cc3406845ca31b5aef1a246ed66418dd841179f1f1551776bd8cc833

  • SHA512

    547251fdf1fbb94d5fd471a9a9a5153fd5e8082271ca2899c1504a0908e8507e7a64c01d98a28139e9728d9e9adf2843c95680d628b944c12ca6b5ba9b6d011b

  • SSDEEP

    3072:ZDp4689EwhlpGqL4CS6plM1D58/VttFyvMvanSvziTob2LI+9vN4cOyTJIpqv5R9:BprmrLxS6k87evMvTvzT0jvEunD

Malware Config

  • Extracted

    Family: amadey
    Version: 3.50
    C2: 193.56.146.194/h49vlBP/index.php

Targets

    • Target

      d327d690cc3406845ca31b5aef1a246ed66418dd841179f1f1551776bd8cc833

    • Size

      248KB

    • MD5

      32d19986f373641d083394147032df89

    • SHA1

      df8d10f6eff9b10427257ffc997cbd206556fd47

    • SHA256

      d327d690cc3406845ca31b5aef1a246ed66418dd841179f1f1551776bd8cc833

    • SHA512

      547251fdf1fbb94d5fd471a9a9a5153fd5e8082271ca2899c1504a0908e8507e7a64c01d98a28139e9728d9e9adf2843c95680d628b944c12ca6b5ba9b6d011b

    • SSDEEP

      3072:ZDp4689EwhlpGqL4CS6plM1D58/VttFyvMvanSvziTob2LI+9vN4cOyTJIpqv5R9:BprmrLxS6k87evMvTvzT0jvEunD

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks