Extracted

• • Target

    file

  • Size

    524KB

  • MD5

    2ecbf9cac46689deebcd44b0c2acdff3

  • SHA1

    22b42657737e27edc28b6904a69ec8e79d4ad7ad

  • SHA256

    d253e8853dc3cd8006e71d8cd8f1618f6187ac0880ea7aaa69aa7718126b1d3f

  • SHA512

    db35c3a152976b524a28bbebf0691c2e5d75190b73b5af01de76e19cb7317630aabbf4f261c246b92e023d067fa245300974e3f271bd324cfb4a07d71809edfc

  • SSDEEP

    12288:+Mrjy90nnsovZLRrZ/moKIbHYuVtfY0h8:pyInXBNrZfbH1tfY06

  Score

  10^/10

  amadeyevasionpersistencetrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2