Extracted

• • Target

    a17947657151656116d1aac10d6d34e908ffaa53a0e13068530f6f3f899a6465

  • Size

    642KB

  • MD5

    3716a839bfe4b8c7ffabaf2364ee1019

  • SHA1

    2ab011dbc6e990c691cfb89cc942145fb905cc48

  • SHA256

    a17947657151656116d1aac10d6d34e908ffaa53a0e13068530f6f3f899a6465

  • SHA512

    1e838839f80e3acfa5fcc2b6b6d81967a23886b9ebb3980ecffa42970700a2cb63b8b70f7f993b9203464116802442b2f18043ae43a76fff499b6afcda662cf5

  • SSDEEP

    12288:JMr1y90cx5Z6HV2QYrJSauq8V7oeXH0+MY58I0sfrWi1ZIW:8yL/Z+UNEaIVEWPF7Ci5

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1