Extracted

• • Target

    ChrоmеSеtuр.exe

  • Size

    3.3MB

  • MD5

    7799b9185e0e45643c325a679d9e4357

  • SHA1

    c4155ee2c75279cfe4ce7942d7ff992fa17cdfa2

  • SHA256

    10f504133a652d196aa14eb26d55d0b53da16590584696a1f282a95bb3e9c08a

  • SHA512

    a9006b03ba387f8b96ddacd885237dc44a8e4b365841a55dd7916c5855640c3b21ddc5657b87ad0f035dc965f08c1ccce8a3c6250b0b5caa30c2a29886ccf5dd

  • SSDEEP

    49152:oWtfl3xiDZjSPQaLOpU0dpBYYZFfsqWGXwuO6Bpp51kXYpnF4tk11zppI04zmHZl:ltfl0kYax0dMiNsqWGXwtyRk

  Score

  10^/10

  amadeypersistencespywaretrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Use of msiexec (install) with remote resource

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1