Extracted

• • Target

    a8569cb2db98ee16174f75c8366c91779fa7a0e6b8450eb257a30cd0a9bfcc47

  • Size

    642KB

  • MD5

    24aade0495d88e2df5f1ea94b72a58ac

  • SHA1

    9a0ab2ad11940e550fe7579bc24b77c1dc5a4118

  • SHA256

    a8569cb2db98ee16174f75c8366c91779fa7a0e6b8450eb257a30cd0a9bfcc47

  • SHA512

    fd1e814768c69da8c46da00b18e7345d2c71807ce7c98e89e42e0b9d865586913c6694db05a318cab57e3901f69aa073107dbd9712f9a010a8a7b757ac10da50

  • SSDEEP

    12288:yMr0y90u4wji3CebT9DXMJE+wpNxBMbem8T30a1au9PvB3ZFWt:SyHi3NV0EtKemc04vpBZot

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1