Extracted

• • Target

    d87f88cf4417707592f276483de21bf7759a9d9a127074d361a445c164f87f2d

  • Size

    1.1MB

  • MD5

    5a4aabd06e2db27553f35c4fb906c646

  • SHA1

    b73ec4a3f8992b081a25aad0673e052bd326b9d7

  • SHA256

    d87f88cf4417707592f276483de21bf7759a9d9a127074d361a445c164f87f2d

  • SHA512

    1429b7c8b8e907e16c4e842d593184735fba85b24f1367dc94f4edea1d25c1363b813f3e3eb737169796aaf457ab7a1297f297025d967ff4b17503534c6eec64

  • SSDEEP

    24576:AyezLQMpJJudP0txluGDSBxH4gqO3hT+rPmxMmSdU2r:HezLQMpIP0ttDSBxYmZ1RS

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1