Extracted

• • Target

    d586e8a8fe5a576da33fc0e38c72c84fdae206858af65b3b80c75b2499c4212a

  • Size

    1.2MB

  • MD5

    cbf084a7a29d2885edb579a2b09f3122

  • SHA1

    203c4552b3ac92e6d452ba7f96abf2ca53df562c

  • SHA256

    d586e8a8fe5a576da33fc0e38c72c84fdae206858af65b3b80c75b2499c4212a

  • SHA512

    90eb3034b7fd8ad5d5cf08c58fdff3fc961537a36c20347fd6d4500e76ab99ef8111504c1a1c36e516154a8e452023380778472af8ac14eb783da8166d1f06ee

  • SSDEEP

    24576:3yncS+x/fEHIl+9MPKnZguQKisyhL2qicXwAYGsS3C:CncSY/fqHkKZ3QKisyoDSl

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1