General

  • Target

    369c2a6fe01ddade49dd6ab1bdd66129669969c631737ec0c3fceefbcfd80567

  • Size

    537KB

  • Sample

    230311-3z53gaca32

  • MD5

    befc9d49e67dfb5b9481fbd5c49b6417

  • SHA1

    d28896d8e369b38324ecb6a3860cef6c7840a6df

  • SHA256

    369c2a6fe01ddade49dd6ab1bdd66129669969c631737ec0c3fceefbcfd80567

  • SHA512

    fab0328d72eedbf99bb2f0a9b976372f7bae8ac40d68901090b659e658b1ebfb07712c4bb4f0781821ee0a2392073fc3b9fb6bf810773fc7acfd6ff80989094f

  • SSDEEP

    12288:Md5+vYnP4MFbt9ZJM8HHJE/aey6Pl+sZKXIm:MvPLl68JERySl+3N

Malware Config

Extracted

  • Family

    redline

  • Botnet

    well

  • C2

    193.233.20.28:4125

  • Attributes

    auth_value: 265e7373dd436339d88347c08a10b402

Extracted

  • Family

    amadey

  • Version

    3.68

  • C2

    31.41.244.200/games/category/index.php

Targets

    • Target

      369c2a6fe01ddade49dd6ab1bdd66129669969c631737ec0c3fceefbcfd80567

    • Size

      537KB

    • MD5

      befc9d49e67dfb5b9481fbd5c49b6417

    • SHA1

      d28896d8e369b38324ecb6a3860cef6c7840a6df

    • SHA256

      369c2a6fe01ddade49dd6ab1bdd66129669969c631737ec0c3fceefbcfd80567

    • SHA512

      fab0328d72eedbf99bb2f0a9b976372f7bae8ac40d68901090b659e658b1ebfb07712c4bb4f0781821ee0a2392073fc3b9fb6bf810773fc7acfd6ff80989094f

    • SSDEEP

      12288:Md5+vYnP4MFbt9ZJM8HHJE/aey6Pl+sZKXIm:MvPLl68JERySl+3N

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks