General

  • Target

    7cee9fff2bae1b06735f4079c2d76078f5c7e1f775892c8f162aef4a7d3630e8

  • Size

    1.0MB

  • Sample

    230331-lll9rsaf3v

  • MD5

    b9040e803545f35f0aca5f4e4eae6724

  • SHA1

    1fad2acbdf8684cc28bfd433cef9f3abdbf7d928

  • SHA256

    7cee9fff2bae1b06735f4079c2d76078f5c7e1f775892c8f162aef4a7d3630e8

  • SHA512

    ddc21fdc24800f09332c7f24043ec8fbfa8bf3202c86572d092c390a0e0355ced47e0177844a72094dab0258ac083001034a80e871512cad02f1a2f87e868ffb

  • SSDEEP

    24576:sy05K4/off6cbtDolm7JZ/C7BOekdqeK1UyfvautO/Y0Qu+7QTAeJ9ndQO/S:bMKaVcxDoM7S7BOeaCUyfvW/cp7QTdQE

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

lift

C2

176.113.115.145:4125

Attributes

  • auth_value

    94f33c242a83de9dcc729e29ec435dfb

Extracted

Family

amadey

Version

3.69

C2

193.233.20.36/joomla/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks