Extracted

• • Target

    3f9c64f14f28a8fe9afbf434c4237c3f.exe

  • Size

    387KB

  • MD5

    3f9c64f14f28a8fe9afbf434c4237c3f

  • SHA1

    6c982051750c6cd77223c0fdbb2df6bf20ba8eb3

  • SHA256

    a9cbe651f45880392d51f71b45409bfe1d020fab509d8f6f4e9afb228d7f3e96

  • SHA512

    9014064d4c627b07a872c793f78abd4099860b43830f6390b28d76747b880300e09e96bcbaf15fb56fc042534ef25fbe73da4876bf9d152b0ddc8a48c9deec7f

  • SSDEEP

    6144:K5y+bnr+Gp0yN90QEgf+fXYP7ePRDJ/fBlXJOuHBnDnB8TIOzwW5I/OCkOXN5F59:DMrCy90epPKJlZ/H1iTve/SOXNB13Bd

  Score

  10^/10

  amadeydiscoveryevasionpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2