Extracted

• • Target

    865f5900765e10a7a920bbd27a49b46a50c3b8c6c1124c3e5c8bb0f8411ac26d

  • Size

    1.1MB

  • MD5

    387f1941b461028a0f644a79c6256d55

  • SHA1

    eb67e861a32dab6eeffa402a55846eb3986e8a3e

  • SHA256

    865f5900765e10a7a920bbd27a49b46a50c3b8c6c1124c3e5c8bb0f8411ac26d

  • SHA512

    8f987a114bca4107389809176b10aa25b6af850cc3f668911016e3114ba959d7c124e976de6b779f71ad291bbf40bba0485be8be6a6945c8cb5756b4291c2bdc

  • SSDEEP

    24576:1ypRP37Ao7efyKbdOK8slkuOq552VjW6kv9ekqTFCKG:Qb37Ao7efyKbE4lY0576Hv

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1