Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cde4be4ccc5ce4aeaf1d21347bb3f4e1b67704387c926dedd55921900f569801

  • Size

    1022KB

  • Sample

    230327-pghybsdd42

  • MD5

    cff22c02df437820607ab70c0deec711

  • SHA1

    15355040929890648dc2df65cb712ddeedc16b73

  • SHA256

    cde4be4ccc5ce4aeaf1d21347bb3f4e1b67704387c926dedd55921900f569801

  • SHA512

    22e1057eb4c426d2c523f996f739bbc38527986b18dc19b54e6febfbe5838d892089e3eb89836f5aca42217981ef83b1cc3137edcafbeef57f4e86a708dc6a87

  • SSDEEP

    24576:eyoy7YSLCEGb2FJkyifzhrIT5md9j8JCRyAEc1AaNb3SmDS5lnuCl:toYYS4ynkyszy5mP6M7r33SaSa

Score
10/10
amadeyredlinesonyviladiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted

Family

redline

Botnet

vila

C2

193.233.20.33:4125

Attributes
  • auth_value

    94b115d79ddcab0a0fb9dfab8e225c3b

Extracted

Family

amadey

Version

3.68

C2

62.204.41.87/joomla/index.php

Targets

    • Target

      cde4be4ccc5ce4aeaf1d21347bb3f4e1b67704387c926dedd55921900f569801

    • Size

      1022KB

    • MD5

      cff22c02df437820607ab70c0deec711

    • SHA1

      15355040929890648dc2df65cb712ddeedc16b73

    • SHA256

      cde4be4ccc5ce4aeaf1d21347bb3f4e1b67704387c926dedd55921900f569801

    • SHA512

      22e1057eb4c426d2c523f996f739bbc38527986b18dc19b54e6febfbe5838d892089e3eb89836f5aca42217981ef83b1cc3137edcafbeef57f4e86a708dc6a87

    • SSDEEP

      24576:eyoy7YSLCEGb2FJkyifzhrIT5md9j8JCRyAEc1AaNb3SmDS5lnuCl:toYYS4ynkyszy5mP6M7r33SaSa

    Score
    10/10
    amadeyredlinesonyviladiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks