Extracted

• • Target

    2ada35c1a3676c52cf7a00524fbf437e5d98e3901be6f3890bc79a5479938cce

  • Size

    637KB

  • MD5

    e234599191239e9a8fbd9bb18efc7fcf

  • SHA1

    7d439ef131666cb137ebe6d2697caa4a9dd886dc

  • SHA256

    2ada35c1a3676c52cf7a00524fbf437e5d98e3901be6f3890bc79a5479938cce

  • SHA512

    f09af461645f6d03f7264d2cb682c74a2d4ab298230fcb064c9853c4818490594cd3b33ffc1f9c3bd5ace867797b286037ba7a904e90626e1905f16b9c66aafa

  • SSDEEP

    12288:WMrCy90NkkgSVjb1L48CUTSkJZqWd59NO4MiuzK0Uq85z:QyPkDV10ylzqyLNO4MiQxP8V

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1