Extracted

• • Target

    083e53e18e2d37ebe6f1b98a2a6c25cf3da1b561f1fdc5fa785c8e3f150f44de.exe

  • Size

    3.1MB

  • MD5

    23420f238a38e874c21d48aa431f18b6

  • SHA1

    63480ddcdc010c7c93ba7368502df3360250a24e

  • SHA256

    083e53e18e2d37ebe6f1b98a2a6c25cf3da1b561f1fdc5fa785c8e3f150f44de

  • SHA512

    ee0190c25a01247f516fcee9648386fab74c75d7307c15e1426289c1984d5d097290bb00f8d3bc4b692301b3c5e6a7c2e555e20104158947c8223886cef41420

  • SSDEEP

    49152:haNUqLigFw3XTWTQ3EDQ624iDj2BEhf+xELVh:MNXLigFw3XTWTOEQ6g0fG

  Score

  10^/10

  amadey9c9aa5discoveryevasiontrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Amadey family

    amadey

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2