Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13c65f5e22ca15ed6f84e28d228d55523355757e373391d45d33b05f58897a2a

  • Size

    723KB

  • Sample

    230309-zj4mxsbh5z

  • MD5

    2cfe31346c651b7b8e824ad2c60b5ac3

  • SHA1

    083b2426bb8a280da3f81c519bd325a7c7b6d18f

  • SHA256

    13c65f5e22ca15ed6f84e28d228d55523355757e373391d45d33b05f58897a2a

  • SHA512

    f26860f3e7c5f9eca7c024b9ad9975b4461cdd8e07197c082a5eeb59f8bbe99e3eef58a63e06a5d6224c2c30ed505893a476ad6ebf2238f9c7623070663a2717

  • SSDEEP

    12288:GPHlKPGwVTTl9OHeVLZWsV5PRkKwLDxY8krRdq72FVxPwt6qQ6TjD:YlKPVTl9IeVdt9RkMdd9JwTn

Score
10/10
amadeyredlinedezikdiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

dezik

C2

193.56.146.220:4174

Attributes
  • auth_value

    d39f21dca8edc10800b036ab83f4d75e

Extracted

Family

amadey

Version

3.68

C2

31.41.244.200/games/category/index.php

Targets

    • Target

      13c65f5e22ca15ed6f84e28d228d55523355757e373391d45d33b05f58897a2a

    • Size

      723KB

    • MD5

      2cfe31346c651b7b8e824ad2c60b5ac3

    • SHA1

      083b2426bb8a280da3f81c519bd325a7c7b6d18f

    • SHA256

      13c65f5e22ca15ed6f84e28d228d55523355757e373391d45d33b05f58897a2a

    • SHA512

      f26860f3e7c5f9eca7c024b9ad9975b4461cdd8e07197c082a5eeb59f8bbe99e3eef58a63e06a5d6224c2c30ed505893a476ad6ebf2238f9c7623070663a2717

    • SSDEEP

      12288:GPHlKPGwVTTl9OHeVLZWsV5PRkKwLDxY8krRdq72FVxPwt6qQ6TjD:YlKPVTl9IeVdt9RkMdd9JwTn

    Score
    10/10
    amadeyredlinedezikdiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks