General

  • Target: file.exe
  • Size: 421KB
  • Sample: 221207-d3mb4abf32
  • MD5: ae0a426a3ae98abe0ec1b1d00bf35f44
  • SHA1: a3fd2e9ccf885206d3013f420da71c764dae6f04
  • SHA256: 0a4174a69b0e01fefc64d10691910cfc94ec7b664701d7ebe2e80a8600d20a0c
  • SHA512: a2633fbf32e1a0b4dac8f5be89d63d3fde9e425cf08713c7289515c67bec3c893a0031f736e0e040f1aafcb6ee358c01ca32848f45bfdb28606631e90c2a013d
  • SSDEEP: 6144:2yGULW8BCGg5xBlEaQxbqK2bK9gDf/00r6wGAsqWcoBlCgba1QkaVe:2yq8BCGKxB2/JK00mcWCge1Qk3

Malware Config

Extracted

  • Family: amadey
  • Version: 3.50
  • C2: 77.73.133.72/hfk3vK9/index.php

Targets

    • Amadey
      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
    • Detect Amadey credential stealer module
    • Blocklisted process makes network request
    • Executes dropped EXE
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Loads dropped DLL
    • Reads local data of messenger clients
      Infostealers often target the stored data of messaging applications, which can include saved credentials and account information.
    • Accesses Microsoft Outlook profiles
