Extracted

• • Target

    129454ba248e93937a64c719eeae54fe7df08393669cbd4d15e5aaf153e3d13d

  • Size

    1.3MB

  • MD5

    3591f571485d79732397023f4fed2385

  • SHA1

    56ed2dcfaed763d283315949520476ff6dfdec8e

  • SHA256

    129454ba248e93937a64c719eeae54fe7df08393669cbd4d15e5aaf153e3d13d

  • SHA512

    6e0dc77d5b4e5edc164f156fba792fe9d8d87cb7ac72276111e4ef650e8abc87632d999bc820e721a4ab95dce65af853451b29b9e798f7cd1c1239572c5a78f4

  • SSDEEP

    24576:syHpz38vdNZfBJSrRuN8i8YITpmmTHtsEznOrK3aUfL:bJzMvLZfBIrRFSIF3znOrP

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1