Extracted

• • Target

    7cd155fa3550db2823a75ae6df1a2bec3ae714c5e53a536b7db955d92122af8c.exe

  • Size

    1.3MB

  • MD5

    4f07388498049864f303bb0790b1ba03

  • SHA1

    9868a20be451246e387beb5b4dd87522e5b05a60

  • SHA256

    7cd155fa3550db2823a75ae6df1a2bec3ae714c5e53a536b7db955d92122af8c

  • SHA512

    47e13edf005e8f5dc633b86adc5ab2d0631e5b6347990896b6d8857540993a9face0277be534c7607a1ded3d40bc38ec3b4a8cbc1a39d53f74b5ac69db8dacdb

  • SSDEEP

    24576:TCukdjTqJY6OadMTAcTXf0IH7fMOqFW3n5A4c0njLJOaSOk469+:TcHqJDBM3MqbpcujMa/PK+

  Score

  10^/10

  discoveryamadeyb44aebtrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Amadey family

    amadey

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2