Extracted

• • Target

    44ddf382cba7fc2d74115325e3a2db6730b6f566571158cdb42f1927ae58dfdf

  • Size

    1.1MB

  • MD5

    2137c901be8f5b11f1c8238a69592fe2

  • SHA1

    666ca6ab75ba3881d64ff23b486c61c573c05047

  • SHA256

    44ddf382cba7fc2d74115325e3a2db6730b6f566571158cdb42f1927ae58dfdf

  • SHA512

    89ad6b3314926711e51d024bbff23717ea8d237cd02b95b46e0c2f4ab8445b7c78f780978268b4e0fbc54b73d68f1ee84339fb9b6c155993f9e177c97a4ef824

  • SSDEEP

    24576:Qy1mpiJUSMGlpczetzBtjVuOA0J0wBwFc8caqr9AlHk+Fx+iVd2xdJFv:X1mpi3ljFtxm0J0wBwif6HVFx+iVkTF

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1