Extracted

• • Target

    aa30f90e50bee456baa8167cca6537191613c2720ad91622c91f230cd896e85c

  • Size

    1.1MB

  • MD5

    803148ddb6b768b3c2035c1d96b7206c

  • SHA1

    4bff94f76390821776ff06c8887190d31306990a

  • SHA256

    aa30f90e50bee456baa8167cca6537191613c2720ad91622c91f230cd896e85c

  • SHA512

    0af8bb5fa7611d45cc18ce3464d4fd47ca2c598c8a010aaa929c3327fa2424065d6d163397f5f5efa3342ce96a4c1ed8a6e9f97bbc59a1bb44c311745627f10c

  • SSDEEP

    24576:lyibnRocrjGgapN3nY6wkFlg7AFMc9ANK/Y+oxKLEQ3q6ZxIAUU:A5crKr3nYKjg782NZ+oYEQa6rIA

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1