Extracted

• • Target

    c3602be28598103ee830cad47db1b1431ca7e72319e9e8be68b75ff2f9e92b11

  • Size

    1.4MB

  • MD5

    79b485a62394b555f359ca75225c72d3

  • SHA1

    6571ede86bb5bec50f5859c5b927bfe26c54f817

  • SHA256

    c3602be28598103ee830cad47db1b1431ca7e72319e9e8be68b75ff2f9e92b11

  • SHA512

    9adaa516b60082a294010fa15e9d708913a73f587be970a554e75f2d835408b1e4647336eea6c219daca8f7a1454e8b6acb60a7f0b90c51dc215c5cc843368d4

  • SSDEEP

    24576:8y66uRVl2HR0SHwBilv2asclOiSlhdpwaCbb6lhoPK/Ev/SYCdYnk2Av+7:rXH5S3ck1lhdpeSoiECVdYnk2Av

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1