Extracted

• • Target

    file.exe

  • Size

    525KB

  • MD5

    1e8af855201d0cfb9916506fd3ff10e5

  • SHA1

    ff551e1a2c16985a94f0ebb0424f9ac38c01e653

  • SHA256

    89606cde8cf74cd5f87d69a555ee05296c78f86f77b1068aa8e84d736beff0ef

  • SHA512

    5455f09310ce8315289a1a86d1cda754eee47b03bb8fc63b0f52e1ced924460fa13b37ec8d505030a27f2757b581a3590e09e6c0dc2c92ace58d9f3b005aed49

  • SSDEEP

    6144:Kjy+bnr+5p0yN90QEqfLnfNVsVXo+KKuBv8m+8fGVvMCZc11YyguW1oNLnD8wOjD:VMrVy90enfbsVsLvTuECLuAopowOOO5

  Score

  10^/10

  amadeyevasionpersistencetrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2