Extracted

• • Target

    2abe45df2025eae4c812cae2ddbf8e2e18bbf51b03a92e9c5b90a0f3a545fb9a

  • Size

    1.6MB

  • MD5

    11c0581c4b2aad91fd65269f157645c1

  • SHA1

    6223e41b52fc77c7a18de078476f3949816f2118

  • SHA256

    2abe45df2025eae4c812cae2ddbf8e2e18bbf51b03a92e9c5b90a0f3a545fb9a

  • SHA512

    f688ec4e96bd74e8056c97e2110e5146a2160f08544ebfa0e79dc9f742443962a1fe63d0d5a4d2679da8c737551df781c3b6ce20240717f5790a247cd51a9d44

  • SSDEEP

    49152:m2wUCu8IPYNQUvJshbxwaLyWwVmCIYLqGWtB:qBdNDvaNSVmC7

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1