Extracted

• • Target

    19341dc579c9a11b49168f41730dbf97bd3c1b72c394154f96ef0479ed1f544e

  • Size

    1.0MB

  • MD5

    ff8e500a6606923ecfa29b4926953c97

  • SHA1

    028214f99e3b72fcbe110f6df518b6de65b8ad20

  • SHA256

    19341dc579c9a11b49168f41730dbf97bd3c1b72c394154f96ef0479ed1f544e

  • SHA512

    0e822f89c7f5498404dad9ad3da8b14b282eafd6a5623b79afdf15dad5bf3fd13f4a56a4f78074445828b9e522aaef29685d48d7cfc38b2f56c747355542ae2c

  • SSDEEP

    24576:6yxdO8Me+hsZMiF2eoPTuMPGD3yfJRGMXR2V2P9KtwFqRvV7oSC:Bxke+OZMi6PSDDaHGMoQFKAix

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1