General

  • Target

    dd7ddcf438ed71f7eedd7fd48de6e7ea2f6ed03f70650d4ded7e961b26072dee

  • Size

    873KB

  • Sample

    230303-smbyrahd81

  • MD5

    83135212d7241c1de585d6d64e7cae7d

  • SHA1

    da361a3dcb7e87aa645c7d818c885f20a0db103b

  • SHA256

    dd7ddcf438ed71f7eedd7fd48de6e7ea2f6ed03f70650d4ded7e961b26072dee

  • SHA512

    7d89957467334499cd1732da5d37c595489784f0d01de61322dfc637705412a4cf601f466037aab2c2ac3b5eb6935665de8c43288c2290b08635c6bb4b34140d

  • SSDEEP

    12288:zMr9y90kowyPOya2HMi9IQl5HstY7slU08ZMa0/Q4INCh/5nKFoCrqmvXGrG:+yRowP4HMiVHsSIK+aVNc/MgmPGrG

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes

  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Extracted

Family

amadey

Version

3.68

C2

193.233.20.26/Do3m4Gor/index.php

Extracted

Family

redline

Botnet

foksa

C2

hueref.eu:4162

Attributes

  • auth_value

    6a9b2601a21672b285de3ed41b5402e4

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6