General

  • Target

    a59e12fe21bb6df9384f18a30ec5f5d1

  • Size

    1.2MB

  • Sample

    230204-f5fy7scf54

  • MD5

    a59e12fe21bb6df9384f18a30ec5f5d1

  • SHA1

    539c7f98d917f06c24581a203bd9d26e2e2382f2

  • SHA256

    303e0a54b1ec43bcb7f0608ab138ff072325c8b1d1a17beb4c5a1d86029ffc89

  • SHA512

    2df5212880da4a12c4301e5c56f8dd22263b34673f0a50cb863c4a84372d642e5318f0deb7bd0d00d3a4f37e625eff7b73ccebf3fdd47af7ec81987c79ab0c4b

  • SSDEEP

    12288:XXofoFKDWqTG4dJJy8/eDyhPxtDz4XE8/x2KYhstBYX8+kf+nfkDp9otCmk0rjxP:X4gADtTdqbx3YhstSXZkf+f6V3WFQRJk

Malware Config

Extracted

Family

amadey

Version

3.66

C2

185.174.137.152/jb9sZZZbv7/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks