General

  • Target

    416e0ea5a68b1ca96a09c3ae718109f20158d57572e829a677c71145244eacd9

  • Size

    854KB

  • Sample

    230412-erlf4abc4t

  • MD5

    35d80fc8834d1f480ad5dff55e192dd0

  • SHA1

    6f23aa98730593897ba669f7b81c0ba865e9f0c5

  • SHA256

    416e0ea5a68b1ca96a09c3ae718109f20158d57572e829a677c71145244eacd9

  • SHA512

    2c19f744e736d55725daf2f6fa62f88d40d3959d9bffd2091059177a5973a74c99984a0c16730362a7871505ab1b63fc82b5a76fb8e28ef1649e91f9dce45210

  • SSDEEP

    12288:MMrIy90YD7cFiCEbpFvE4qTGhavdajybUjFgeGPd3c9A47IgG425j52kN9FmqyJi:8y5svEb7vWTfKjr8KAlgG4TkdmqyIOW

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes
  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

redline

Botnet

diza

C2

185.161.248.90:4125

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Extracted

Family

amadey

Version

3.70

C2

193.201.9.43/plays/chapter/index.php

Targets

    • Target

      416e0ea5a68b1ca96a09c3ae718109f20158d57572e829a677c71145244eacd9

    • Size

      854KB

    • MD5

      35d80fc8834d1f480ad5dff55e192dd0

    • SHA1

      6f23aa98730593897ba669f7b81c0ba865e9f0c5

    • SHA256

      416e0ea5a68b1ca96a09c3ae718109f20158d57572e829a677c71145244eacd9

    • SHA512

      2c19f744e736d55725daf2f6fa62f88d40d3959d9bffd2091059177a5973a74c99984a0c16730362a7871505ab1b63fc82b5a76fb8e28ef1649e91f9dce45210

    • SSDEEP

      12288:MMrIy90YD7cFiCEbpFvE4qTGhavdajybUjFgeGPd3c9A47IgG425j52kN9FmqyJi:8y5svEb7vWTfKjr8KAlgG4TkdmqyIOW

    • Amadey

      Amadey is a simple trojan bot used primarily to collect reconnaissance information about the infected host.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
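
The extracted configs and behavioural signatures above translate directly into hunt logic. The following is an added example, not part of the sandbox report: it takes the RedLine C2 (185.161.248.90:4125), the Amadey C2 URL (193.201.9.43/plays/chapter/index.php), and the registry paths behind the "Adds Run key" and "Modifies Windows Defender Real-time Protection settings" signatures, and runs them over constructed log lines. The key=value log format (loosely modelled on Sysmon Event ID 3 and 13 plus a web-proxy log), the process paths, and the rule names are assumptions.

```python
"""Hunt the report's indicators across Sysmon-style and proxy log lines.

Added example; not part of the sandbox report. The log format (key=value
pairs, one event per line, loosely modelled on Sysmon Event IDs 3 and 13
and a generic web-proxy log) and the rule names are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Indicators taken from the report above.
REDLINE_C2 = ("185.161.248.90", "4125")
AMADEY_C2_HOST = "193.201.9.43"
AMADEY_C2_PATH = "/plays/chapter/index.php"

# Registry paths behind the "Adds Run key" and "Modifies Windows Defender
# Real-time Protection settings" signatures. Patterns match literal backslashes.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
DEFENDER_RTP_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+", re.IGNORECASE)

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample events (assumed format). Events 1, 3, 4 and 6 should alert;
# event 2 (browser HTTPS) and event 5 (an Explorer setting) are benign noise.
CONSTRUCTED_LOGS = r"""
Source=sysmon EventID=3 Image="C:\Users\bob\AppData\Local\Temp\a1.exe" DestinationIp=185.161.248.90 DestinationPort=4125 Protocol=tcp
Source=sysmon EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationIp=142.250.74.110 DestinationPort=443 Protocol=tcp
Source=sysmon EventID=13 Image="C:\Users\bob\AppData\Local\Temp\a1.exe" TargetObject="HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring" Details="DWORD (0x00000001)"
Source=sysmon EventID=13 Image="C:\Users\bob\AppData\Local\Temp\a1.exe" TargetObject="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a1" Details="C:\Users\bob\AppData\Local\Temp\a1.exe"
Source=sysmon EventID=13 Image="C:\Windows\explorer.exe" TargetObject="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden" Details="DWORD (0x00000001)"
Source=proxy src=10.0.0.5 host=193.201.9.43 method=POST url=/plays/chapter/index.php status=200
"""


@dataclass(frozen=True)
class Alert:
    rule: str
    actor: str      # process image (Sysmon) or source IP (proxy)
    evidence: str


def parse_event(line: str) -> dict:
    """Turn one key=value line into a dict; quoted values keep their inner spaces."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def hunt(log_text: str) -> list:
    """Return one Alert per log line that matches an indicator from the report."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev:
            continue
        actor = ev.get("Image") or ev.get("src") or "?"
        if ev.get("EventID") == "3":
            # RedLine C2 from the extracted config: exact host:port match.
            if (ev.get("DestinationIp"), ev.get("DestinationPort")) == REDLINE_C2:
                alerts.append(Alert("redline_c2", actor, f"{REDLINE_C2[0]}:{REDLINE_C2[1]}"))
        elif ev.get("EventID") == "13":
            target, details = ev.get("TargetObject", ""), ev.get("Details", "")
            # Only a value of 1 disables protection; writing 0 back is not tampering.
            if DEFENDER_RTP_RE.search(target) and "0x00000001" in details:
                alerts.append(Alert("defender_rtp_tamper", actor, target))
            elif RUN_KEY_RE.search(target):
                alerts.append(Alert("run_key_persistence", actor, f"{target} -> {details}"))
        elif ev.get("Source") == "proxy":
            # Amadey's C2 is an HTTP path, so match host plus path rather than IP:port.
            if ev.get("host") == AMADEY_C2_HOST and ev.get("url", "").startswith(AMADEY_C2_PATH):
                alerts.append(Alert("amadey_c2", actor, f"{ev['host']}{ev['url']}"))
    return alerts


def correlate(alerts) -> dict:
    """Group rule hits by actor so a process that both beacons and persists stands out."""
    by_actor = defaultdict(set)
    for a in alerts:
        by_actor[a.actor].add(a.rule)
    return dict(by_actor)


if __name__ == "__main__":
    hits = hunt(CONSTRUCTED_LOGS)
    for a in hits:
        print(f"[{a.rule}] {a.actor}: {a.evidence}")
    for actor, rules in correlate(hits).items():
        print(f"{actor}: {sorted(rules)}")
```

Two of the signatures above are deliberately not covered: "Checks installed software on the system" is a read of Uninstall keys, and browser-profile or wallet access is a file read; Sysmon Event ID 13 records only value writes, so hunting those behaviours needs registry and file auditing (or EDR telemetry) rather than these event types.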
