Extracted

• • Target

    0e86c41414fcdad09e6e22dd0f1352686feff70ab4af9daaa1445c5fd5f3705d

  • Size

    3.1MB

  • MD5

    781f37e04c003c60cac7c11e97dcf22d

  • SHA1

    751520ed476ac7f96c5dd64a5e0478c6f89a4c05

  • SHA256

    0e86c41414fcdad09e6e22dd0f1352686feff70ab4af9daaa1445c5fd5f3705d

  • SHA512

    0658975b5e644eb9e8af34fa334bf333e67219ebadd6f09925cebef1dd7e3ebcbab9b7f3867f71c9c8e62c84cb7e54341f56a6443afe724ba230a0cca11f3b00

  • SSDEEP

    49152:5oOqP2CCbrUgL1y4FxJxfhCcKRnHyr1w1Sx:5WPmbrTJy4FxJth4yra1

  Score

  10^/10

  amadey9c9aa5discoveryevasiontrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Amadey family

    amadey

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2