Extracted

• • Target

    df6485a0c22b533b7c90a8eba71319f232f3afc6eac6241d1b7de6d3411fb21a

  • Size

    642KB

  • MD5

    503436a202221baf8c84d57fa9b4797f

  • SHA1

    0bc7941d73c7beea24eeb486d966209995b1bca8

  • SHA256

    df6485a0c22b533b7c90a8eba71319f232f3afc6eac6241d1b7de6d3411fb21a

  • SHA512

    62f1eb3aee9e3021c5ef043ed654cd3a0fafe8066c71ba7b48b6ccf4ac4727663e8024efe9491f34388c71abca247dfeb501f35cb1ca70dc0522425e4b02078b

  • SSDEEP

    12288:zMrSy90tO9K3jQ5sfUWqOBSL+wpNxVMVem8T300bau9kbtgxT:dyMuK305YURVLZwemc0IvG0T

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1