Extracted

• • Target

    0f2fc8507ea4b49d561bee808a5434b1dfb6ae4776c2a35cd6a84f7297bc3ea4

  • Size

    949KB

  • MD5

    b24bd7fd5e647d81eaf1cb36d7b13179

  • SHA1

    21049d573a2072613b922ccc7a7bf319ea451ca4

  • SHA256

    0f2fc8507ea4b49d561bee808a5434b1dfb6ae4776c2a35cd6a84f7297bc3ea4

  • SHA512

    09db76c63ec41a62c7d4d89165366620e5f62a5efb6947b0db96c4e506298696c783187b38fc95863bd517329a2279b2a67caa9a4ec2a9b3ec2a6d254551a747

  • SSDEEP

    12288:xy909oBNAl6F5YjezB66cRT87GODmPMJHhI1bzj5kIz6Mj6/K7PIUApwVNluAgPf:xyjTG6F5qyB6RPOcq4HtkI+K6jp3/

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1