Extracted

• • Target

    fbf43eea2ff06bd1e737e89315964c1da949c249c284567993f311e18dba6196

  • Size

    1.3MB

  • MD5

    dfe7c48aa94a6ed24cedfc963ee7906d

  • SHA1

    d5804adc0f118644d0ebf2c4ebc24a4a4916bcb3

  • SHA256

    fbf43eea2ff06bd1e737e89315964c1da949c249c284567993f311e18dba6196

  • SHA512

    ca0b84deb2c19068dbe3a40f6c6187cc116bbf4bb8ff4fb14d44026bd6801f7a44a2617869c166da3878379e8fe03cbfd4ae206ded1c4a47dd9490f31cc07b1f

  • SSDEEP

    24576:kyXhuHHJ2hXt3HdvXB0cMQ0BJ/wN68FrWlNFQN5ITtbp3rVC:zYnEHdvXBsXJ408F9NOV3x

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1