Extracted

• • Target

    e6a65fde996422a076c2083cab92972bbe15899bda7d7002cc6db07e0708e9a7

  • Size

    1.0MB

  • MD5

    65fe3ed484af07a24be45d1b8f9f231e

  • SHA1

    a67bb6e82414a54d203b8520f4f77bbea45624d6

  • SHA256

    e6a65fde996422a076c2083cab92972bbe15899bda7d7002cc6db07e0708e9a7

  • SHA512

    bc7b281fe403bf7b6708d7af69288f51a5e7841e08807b0078a4248048b0800251e9b0453a41f3b36e12c2b1336e92da4e4669f48acf046a4033765e262c17b9

  • SSDEEP

    24576:gy/BT+Iq07w3WP/WQOxpZ1pXd5pjaPWF0xdvinA7ntitm:n5T+zbmXWQO11pXDp/wgOtit

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1