Extracted

• • Target

    e70c853938f467faf43b4bb571cd4bfa782fbda179a864cc80680190b7557c39

  • Size

    2.3MB

  • MD5

    16b1f45f29fed3bf39fce00a5d96801d

  • SHA1

    ea0cc0ae35cde2ad52334eb7774ec2eeeb401ab5

  • SHA256

    e70c853938f467faf43b4bb571cd4bfa782fbda179a864cc80680190b7557c39

  • SHA512

    1808dbf0ede3d285e3f8ecfe506f9d515b1165f6d94c5da81a75f8ed2ea9d555eb2fc19f9f9677a20a071621ac1c6005b00b270a53d3890af51bbe48496b59b1

  • SSDEEP

    49152:hAGvEatXgm/pMqnAK/42RSccGAL1bo+pNf333Toj:OvnLBo+pNf333T4

  Score

  10^/10

  amadeypersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Downloads MZ/PE file

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1