Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    4b10d28c8dbe7cce15f0a33f01b3eb8d3b0f88f1ff789d70e7dc6c7bc842f39e

  • Size

    1.0MB

  • Sample

    230328-ycd81sef9t

  • MD5

    8478b4f53b923eba091fa5d36c29f829

  • SHA1

    ca485dddbec61a1e65e5921098c688b27461d74c

  • SHA256

    4b10d28c8dbe7cce15f0a33f01b3eb8d3b0f88f1ff789d70e7dc6c7bc842f39e

  • SHA512

    87b1fab06ae98f73450c4cf9380cf4d6d1223734a79fd6bf1d8e6f5e09b67625ee888b0a6e534f720cc79a7eaa5c14f8fa8bffa480e1ab4ae9ca7b72a13011db

  • SSDEEP

    24576:8yKWpZQmTXYKPBXNYMUubP4gkovjD6784onOKDJyfIuI:rjZfvRNFlgi3uMm

Score
10/10
amadeyredlinedunarosndiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

duna

C2

176.113.115.145:4125

Attributes
  • auth_value

    8879c60b4740ac2d7fb8831d4d3c396f

Extracted

Family

amadey

Version

3.68

C2

62.204.41.87/joomla/index.php

Targets

    • Target

      4b10d28c8dbe7cce15f0a33f01b3eb8d3b0f88f1ff789d70e7dc6c7bc842f39e

    • Size

      1.0MB

    • MD5

      8478b4f53b923eba091fa5d36c29f829

    • SHA1

      ca485dddbec61a1e65e5921098c688b27461d74c

    • SHA256

      4b10d28c8dbe7cce15f0a33f01b3eb8d3b0f88f1ff789d70e7dc6c7bc842f39e

    • SHA512

      87b1fab06ae98f73450c4cf9380cf4d6d1223734a79fd6bf1d8e6f5e09b67625ee888b0a6e534f720cc79a7eaa5c14f8fa8bffa480e1ab4ae9ca7b72a13011db

    • SSDEEP

      24576:8yKWpZQmTXYKPBXNYMUubP4gkovjD6784onOKDJyfIuI:rjZfvRNFlgi3uMm

    Score
    10/10
    amadeyredlinedunarosndiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks