Resubmissions

09/01/2023, 12:57  230109-p64akahf8s  10
09/01/2023, 12:53  230109-p41rnahf7v  10
09/01/2023, 09:46  230109-lrmgqadg47  10

General

  • Target: d4cb3f4a5554ec5411cc328cffb5ee564a2114446cbd2.exe
  • Size: 235KB
  • Sample: 230109-p64akahf8s
  • MD5: ddfa4b4f9123e72e7b86f10cdd994a83
  • SHA1: 5efe2f2980c2fbb50d8f44271037293402667737
  • SHA256: d4cb3f4a5554ec5411cc328cffb5ee564a2114446cbd2c9b27dd5125b15b30b4
  • SHA512: 0988ef4bb20ef54e7a8457241c4c207998c49c4664d83895e85d0359098e8c2337b6e31a2cce966516c91182604c8fc04d605c83340a569ea9fe77d7ddc71f9a
  • SSDEEP: 6144:KbxUDsiH4X/Et6xXQ31UrhfSK6uVyWVYVtGgUO:KbQOXUghSuVyWVE7

Malware Config

Extracted

Family: amadey
Version: 3.65
C2: 62.204.41.32/8bmdh3Slb2/index.php

Targets

    • Target: d4cb3f4a5554ec5411cc328cffb5ee564a2114446cbd2.exe
    • Size: 235KB

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks