Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    221b1907e1963416c1dbb8cba4ef10b4864a4c14ba1933f842b8086bcbc5fcd6

  • Size

    2.1MB

  • Sample

    230210-kxxzzaec3w

  • MD5

    08dc82a17529853669f755c60f79c110

  • SHA1

    bd4b964b952fb65bbbaab12ad586cf3d2f8488dd

  • SHA256

    221b1907e1963416c1dbb8cba4ef10b4864a4c14ba1933f842b8086bcbc5fcd6

  • SHA512

    5d88ddc22838cecf993f09c629516f2482b21ac1d74e996d4aa43edcd34e7abb3863b88e54c08b341f6da503cb7fff56464f194c168073fc11f8928551436adc

  • SSDEEP

    49152:qOJHfzLzLtn2ofxBYlxxeJ8BootK2CYyt7F:VbLvtn2QBYPsAthU

Score
10/10
amadeyredlinefukadiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

fuka

C2

193.233.20.11:4131

Attributes
  • auth_value

    90eef520554ef188793d77ecc34217bf

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

    • Target

      221b1907e1963416c1dbb8cba4ef10b4864a4c14ba1933f842b8086bcbc5fcd6

    • Size

      2.1MB

    • MD5

      08dc82a17529853669f755c60f79c110

    • SHA1

      bd4b964b952fb65bbbaab12ad586cf3d2f8488dd

    • SHA256

      221b1907e1963416c1dbb8cba4ef10b4864a4c14ba1933f842b8086bcbc5fcd6

    • SHA512

      5d88ddc22838cecf993f09c629516f2482b21ac1d74e996d4aa43edcd34e7abb3863b88e54c08b341f6da503cb7fff56464f194c168073fc11f8928551436adc

    • SSDEEP

      49152:qOJHfzLzLtn2ofxBYlxxeJ8BootK2CYyt7F:VbLvtn2QBYPsAthU

    Score
    10/10
    amadeyredlinefukadiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks