Extracted

• • Target

    file.exe

  • Size

    1.8MB

  • MD5

    9ddbac8aaba1c5bb2f9a22717a60a6ba

  • SHA1

    16712810fcf1bb9c7f1940af8e2e59b92f4a7b65

  • SHA256

    edec375a0ef3ce9e3067aa661e9e32fee7cba13ff4f3c7ab69d6db8d7b22b03d

  • SHA512

    05d112dad0d496f825ed88c18d7c196432994f5ccca9f6f1e098d6376d56c1aa98d8c47e9542acfe2a53672802e89e68257f607b843e4ebdbd38cd44f1ddbddd

  • SSDEEP

    49152://TTxdTbrxgYihAr5xkWqG8E/N3SEry5RUuzen3lBsVL9t:/7TxZb0qrd9ucB8

  Score

  10^/10

  amadey9c9aa5discoveryevasiontrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Amadey family

    amadey

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2