Extracted

• • Target

    1380bfb97ab678cc8eb745e972bcb3fcf2ccf6ea35f55b13b73826781c7e86a8

  • Size

    1.6MB

  • MD5

    04926afc81f9f6a2d9beceb60f7e9d6c

  • SHA1

    6686d33f1445588cde64dd61836843e34bac63e8

  • SHA256

    1380bfb97ab678cc8eb745e972bcb3fcf2ccf6ea35f55b13b73826781c7e86a8

  • SHA512

    383f03e5aa3a982ca8b952b8b22b946b1692c0f25716948a6d414b7fae8cf40aeb7f1b0aab149ed658aee6eb3ea07efc36f18cd3dabd22e4870ee58e71b6e9f6

  • SSDEEP

    49152:tGxT/klQmPyiqFFLSE9dwXCLW4roBMf07:2sljPG1bMCLWpB

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1