Extracted

• • Target

    bb.exe

  • Size

    3.7MB

  • MD5

    6515bf0a90de21df321b8d6c8af1e3a6

  • SHA1

    66bd3231249fc2bc4f3e26c429a0db2984b76558

  • SHA256

    0539d46a6e61dd3ce32a4b41c0554f925f4b26054c49451accec7ccad0409846

  • SHA512

    d86dbf68a6342f7d6903a6b3472125456986514cf39106ae9ff525a178ccc7c18cabd14a8f97a89ad5329bf8c6f2eafabdfc0846e191766919f0f30cba7072e8

  • SSDEEP

    49152:oOnjDmNlq/z9dkXB4Es9UR729XyA9Pc0bmzkQduF+mGpuTAmtv:JnkXB4EsOR69Xhc0bmz3oopuTAmtv

  Score

  10^/10

  amadeypersistencespywarestealerthemidatrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2