Extracted

• • Target

    246bc43dddcb46823b81aa3aab776e87.bin

  • Size

    2.5MB

  • MD5

    246bc43dddcb46823b81aa3aab776e87

  • SHA1

    0d8df13b80d6f50a107be6ad934d0a3353064d06

  • SHA256

    a406bfcf106fa5ba45ae292a1f0e5c3e805bec1ce594f2f5b5a012e07f384801

  • SHA512

    e57ede33f80d833e0d700bb7ea41592a3f15cd02c53c6a6b8526c90230c084e97adfe9e7c0c1b2d9d7a0ce1651f67eed0cce1432bc9fcee13ad2a5aefebe7505

  • SSDEEP

    49152:ZdSgw81FfOUtWIzmpr2uiy1VgBEjsKuo2unZwzPoM0XbXSoxdauV:ygVFWUtWQOxiVJo2unZwKXbX/7au

  Score

  10^/10

  amadeyspywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2