Extracted

• • Target

    e92719ed71d0c4f48134eb623fd6c4b50a03a4614dfd5ae6ced700296b4ca759

  • Size

    1.1MB

  • MD5

    c549aa4209f77f264be4b7fdeaeabe0a

  • SHA1

    f1ebc545de0cfa9325a57d2bd3286f8fa6e05c7d

  • SHA256

    e92719ed71d0c4f48134eb623fd6c4b50a03a4614dfd5ae6ced700296b4ca759

  • SHA512

    58806277822cb8a904ec3e0abc007e5be55fe6edb821ac4d6418e8a2e37b344829905e3841f96208083ae400a387971ff62b2847cd797ae65d180728715bee83

  • SSDEEP

    24576:/yLUnHs4AKCDePPyFM++wyyY+F11RLWUO0J/g09xhtdRNVM:KLUnLPOePy8wZXNZtO6x5RNV

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1