Extracted

• • Target

    d6927e4400837dfc0f15e56f059796a81809dce1c5aa1026781cab890d18e71b

  • Size

    1.4MB

  • MD5

    92bf6dc9f2dc697937066ccb853e45b5

  • SHA1

    06dc9b5e7cc2ecd969c5a4553c448a6ed8c505ac

  • SHA256

    d6927e4400837dfc0f15e56f059796a81809dce1c5aa1026781cab890d18e71b

  • SHA512

    05b7750e779b0b83b4a8e01462360af82fd3fd95897fbad69bcdb14d8c5201b9a8590cbbe17402332da408f6f90e7a7c67f1c6d7aa8cf25e883898b532e8810c

  • SSDEEP

    24576:N9yB85oM5BDETcmC5bXqeA0teNKpvDjdQq69oUp326aUb3Ef2kxbzveMHVS:Gy5XmQXqeA0ANKtdQqMoUdjaUb3Ef28e

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1