Extracted

• • Target

    ced8891ea8d87005de989f25f0f94634d1fc70ebb37302cf21aa0c0b0e13350f.exe

  • Size

    1.3MB

  • MD5

    db04aa6e158c5d52c20fc855f5285905

  • SHA1

    822416dfa3f094aa6776ed0cad77fb9083db29a3

  • SHA256

    ced8891ea8d87005de989f25f0f94634d1fc70ebb37302cf21aa0c0b0e13350f

  • SHA512

    cdc0ff46ac48178da0a68d4e2601a46a960c3aa998edd66a7bb6a39d1caa7dbbe53f1aa463307a9932996d2993386addc7c54cee73811897b075dd75fbc904ff

  • SSDEEP

    24576:wbsh2BfGSklE31Sa1jnzi+k24VR5SLRUyvQAqBYcTHykVbFv4pOdfEPkXsvHo/s/:wbsQf6lEFti+kZRSUJAqB/VRsO/oo/sJ

  Score

  10^/10

  amadey1cc3fediscoverytrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Amadey family

    amadey

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2