Extracted

• • Target

    b3339af408e0377de7f35a57cd184bb1ba716f6202672b3fe123b93a5b365aa2

  • Size

    1.4MB

  • MD5

    ee1bada27e32400ea41cb07cd4898c15

  • SHA1

    35c7bf1d64e0825dde98267e4f20f78c0e49df2e

  • SHA256

    b3339af408e0377de7f35a57cd184bb1ba716f6202672b3fe123b93a5b365aa2

  • SHA512

    1c17291859eb938bd7590cec3d45a8d53160bfedcd4a004f560f63b8fcf0c5c8a5cf456dbbcd0b1736a4a45de8ec56e5599240687efc95c9999e901e4dacd956

  • SSDEEP

    24576:0yU35tOAgl9SYmEO+rAgFGb7kOUwLZooK9p3WdYrVbTJnDa3uAOJqMMp:DU32AucYlAgu78wdorR6qVBne+AOJqM

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1