General

  • Target

    5108ff329fe6a9fcb9067cafabd6ea642fc59b9e8e0652a99a6bbb4353879b3b

  • Size

    247KB

  • Sample

    221125-j2qwsach66

  • MD5

    c8dd1c31441a00699d5461b1a991c526

  • SHA1

    5a8b6ef8b8e2c690106fba85644622ea3c122393

  • SHA256

    5108ff329fe6a9fcb9067cafabd6ea642fc59b9e8e0652a99a6bbb4353879b3b

  • SHA512

    979699962bca1fdfea02cfc17f87e9051135a20255dd3747923f16dd2a8fb7ec51063a93b19eae049e7d7b7df75a827b9a2d76c86a04b00833185526c44b7afd

  • SSDEEP

    6144:c29L9p1+HYR/R0VmJqrjhTj68x9zJFij9N2asHFtz:c29pp1+HYRpMmJa9n68xhJe6HFJ

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.50

  • C2

    193.56.146.194/h49vlBP/index.php

Targets

    • Target

      5108ff329fe6a9fcb9067cafabd6ea642fc59b9e8e0652a99a6bbb4353879b3b

    • Size

      247KB

    • MD5

      c8dd1c31441a00699d5461b1a991c526

    • SHA1

      5a8b6ef8b8e2c690106fba85644622ea3c122393

    • SHA256

      5108ff329fe6a9fcb9067cafabd6ea642fc59b9e8e0652a99a6bbb4353879b3b

    • SHA512

      979699962bca1fdfea02cfc17f87e9051135a20255dd3747923f16dd2a8fb7ec51063a93b19eae049e7d7b7df75a827b9a2d76c86a04b00833185526c44b7afd

    • SSDEEP

      6144:c29L9p1+HYR/R0VmJqrjhTj68x9zJFij9N2asHFtz:c29pp1+HYRpMmJa9n68xhJe6HFJ

    • Amadey

      Amadey is a simple trojan bot used primarily to collect reconnaissance information from the infected host.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks