Extracted

• • Target

    945dceae4409e8e05d82759527e96118b1eb71cd43f8eef6cac7ab6c2d631f11

  • Size

    936KB

  • MD5

    fb96a604667c25bfebe39deb38082d3b

  • SHA1

    773698a9609044c2407237280fbcc6dd91d4a8c7

  • SHA256

    945dceae4409e8e05d82759527e96118b1eb71cd43f8eef6cac7ab6c2d631f11

  • SHA512

    a729c5b3adc4b7284b37dc8f239a38ab8d6029c2f5bc377c2266647c46e2b9bd8c0f42121b5936e514525cb69f15723226c275c1544cff31295152a09c92e98a

  • SSDEEP

    24576:uyiyMSCiK8eYONmLl4poq5XT/ZqqTUFWKlAMI+xUkh:9iMk3TF35XTxqqTUxNJU

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1