Extracted

• • Target

    file

  • Size

    526KB

  • MD5

    d2c7f10eb1b82bdda4ec935b225ca0be

  • SHA1

    24f94c7e52f5b23fa2d6df15ae3531568fce535b

  • SHA256

    9c46c158a2e5589f4464d275a6d6ac6e1558f0412c2ae650780861358c04e84e

  • SHA512

    e0f45752e8428ee13f6fce414872e8be94ac998a97ea76c24f647ba89204a45e06defe420272c1c62b3020c1b86d62fa2a06fc22af62c8b291b7fa88c9217a71

  • SSDEEP

    6144:Kvy+bnr+6p0yN90QE8zhkbv8tMIjOFu4To5GkJOo6dazSjx/HGJmUcyBsCCFFa6i:FMray90xv+C9sOoc6mx8mUc2EpFw

  Score

  10^/10

  amadeyevasionpersistencetrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2