Extracted

• • Target

    file

  • Size

    566KB

  • MD5

    ec5df0708ce3022856f79456202b6ee0

  • SHA1

    b069ec4210b4de4c7a7adda7cb55b9913ea8e1ff

  • SHA256

    377a6aa4b4f369ba4500baa3fa5cbb0c34a04d78e819cd9928bf5fb8c83eefb4

  • SHA512

    f22cda054a78b1c30abb3372b1ecc285b09169be17604e7adf9f957686573698ac3b97d31896312fc778e23d785a6d65db8ba6d28e2544a6599639d5d9fea561

  • SSDEEP

    12288:kMrKy90mQ60z2bdp1ddhq4Y4CPxZlYnJypw:myC60zqDI4Yx/YJypw

  Score

  10^/10

  amadeyevasionpersistencetrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2