General

  • Target

    0494fa919445dde14089ec1df4683fed61b2c0bec370ae99c33250e5a7814293

  • Size

    1.0MB

  • Sample

    230327-1j1fyafd59

  • MD5

    87b3b41f6995b1084ef90a5aaf09877a

  • SHA1

    709fd8289f3f9eb893648e0d09bc9878c0b3c73f

  • SHA256

    0494fa919445dde14089ec1df4683fed61b2c0bec370ae99c33250e5a7814293

  • SHA512

    f3e9a59dc26f80b3b766e28675300cbaf40f12e18cea5a7414d12158610800aa3d31d00a947f114ea442441a6193b4e03e6128ab2c1b3463fb92cd2a1af068b0

  • SSDEEP

    24576:YyCvCcAqrvDEPN0logVJzO1ICMPY9qIV:fCvDEPNKRa1I0

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

renta

C2

176.113.115.145:4125

Attributes
  • auth_value

    359596fd5b36e9925ade4d9a1846bafb

Extracted

Family

amadey

Version

3.68

C2

31.41.244.200/games/category/index.php

Targets

    • Target

      0494fa919445dde14089ec1df4683fed61b2c0bec370ae99c33250e5a7814293

    • Size

      1.0MB

    • MD5

      87b3b41f6995b1084ef90a5aaf09877a

    • SHA1

      709fd8289f3f9eb893648e0d09bc9878c0b3c73f

    • SHA256

      0494fa919445dde14089ec1df4683fed61b2c0bec370ae99c33250e5a7814293

    • SHA512

      f3e9a59dc26f80b3b766e28675300cbaf40f12e18cea5a7414d12158610800aa3d31d00a947f114ea442441a6193b4e03e6128ab2c1b3463fb92cd2a1af068b0

    • SSDEEP

      24576:YyCvCcAqrvDEPN0logVJzO1ICMPY9qIV:fCvDEPNKRa1I0

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks