Extracted

• • Target

    3b4906280bfc310ddb3e92c4645bfcef3a8f1f9166be3c7c49d29307546e60db

  • Size

    896KB

  • MD5

    19710650a9827c21bdd1df8fdc48eefa

  • SHA1

    760e8beabbfec6a5d73234bbd5b85f912dd6c867

  • SHA256

    3b4906280bfc310ddb3e92c4645bfcef3a8f1f9166be3c7c49d29307546e60db

  • SHA512

    a9b4a061e7aecfceb4db998029ca93b73039ff62cfa9c331ecc511c2ac8e44b8a79b1d72331d68d60e7eb89aad5a5c2f49607a0eb8f3f4971e891d671edf226e

  • SSDEEP

    12288:Jy90/QgN+Wuasw3HTiwKnKw14gY1ciOgKrzAyTIAOZ0aNz74/eKVqkjjxNCyTs+:JyoQE+Rasw3zihYOz6TFNz745Aod9

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1