Extracted

• • Target

    00fb3bed3fd8fd8ea2b0963d6216575ffd85ef471b20b3242f21bd8c4f43b840.exe

  • Size

    523KB

  • MD5

    ab579f97eb8b15e47d0989e7d039eb19

  • SHA1

    e26f4af24520b7c2acc2dbe75bc5acfbe9fc0439

  • SHA256

    00fb3bed3fd8fd8ea2b0963d6216575ffd85ef471b20b3242f21bd8c4f43b840

  • SHA512

    e40aa44669dbbc009b7e962b6e379aa7a09bc3246fcb07f73f253fba7bdf6500c2429843aef227fa00834bedcf68aa3a98e4ebc2a604550cab112b7ee2cfb243

  • SSDEEP

    12288:JMrPy90jhF4kq+8LVjantUDbCBIl6bF+Viz6DnYpEvWbvs/EzlqermwLW:qyUh5zuVj+WHCihiUnYtYEtBLW

  Score

  10^/10

  amadeyevasionpersistencetrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2