Extracted

• • Target

    4cb307d4bca6df34c2d578e08d51bc35.exe

  • Size

    526KB

  • MD5

    4cb307d4bca6df34c2d578e08d51bc35

  • SHA1

    04be7cd4a3e20730d60ad43cd4c466eb47b7b69c

  • SHA256

    7bb23e2779d6249c8caf14eee7447b0dd5e9fd0149a5b7fbd87c13910557a90b

  • SHA512

    13e4d2b80b42334d5ded71e212f69204f8ac212c324c48cbb0b69f8ad8fd5417d7ba056b51c5853f4ed336633211582df5edbee9f429a76350f6c8d2f0b6e63b

  • SSDEEP

    12288:hMrBy90P+35LGowILYbWmhHIRFIv5Lwd2Ifeti:kyEoUaYbWmHIFIvYf1

  Score

  10^/10

  amadeyevasionpersistencetrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2