Extracted

• • Target

    6d734d993f42400b68f1be7af2262ad0142f4b60296c01d40237e60370c2dd1d

  • Size

    857KB

  • MD5

    ffdca6b3bcbd4b7640c67fdd26851eb3

  • SHA1

    99866be8daebc486c753b59c5117c9b7d8c53610

  • SHA256

    6d734d993f42400b68f1be7af2262ad0142f4b60296c01d40237e60370c2dd1d

  • SHA512

    2bf7120a95e32c44bf71c15bb79871f988ed2a36c0f39553dcae1ef9e9a21678ac79c24c346d5635d79b1baaf4a38df462420fc031248624aa33f290ebc782cb

  • SSDEEP

    12288:My90S5xhsZMLMqsM459LVJmwxd+toKZhezlzd3W/TdUOCT7DkCazxIB44yt:Myl5zEMLMvnLVJmwxd8m3Wano9i4

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1