Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Resubmissions

24-10-2024 12:35

241024-pssa5swdma 10

14-04-2023 13:17

230414-qjqavsbd9s 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c9fe85507eef89f59dba96ec7b50dd9a8a2de45f73cd62f1b8a926e3a5f99ae1

  • Size

    1.2MB

  • Sample

    230414-qjqavsbd9s

  • MD5

    f50317c48f53767776f84e6b1d1f965e

  • SHA1

    8b3eddf9d8ef16d946f3d44dbcc6f26f8d81db39

  • SHA256

    c9fe85507eef89f59dba96ec7b50dd9a8a2de45f73cd62f1b8a926e3a5f99ae1

  • SHA512

    3a57a654d7c5fe7bf61ade9622ec1a5f5e86b93f842a9194128d5d886a0c1a2612b5911fb17141cb013ed20fc0435c590b2cc53e7a67dd0cfc8f49ee31b381d7

  • SSDEEP

    24576:BywKU/yOHbtGNBHRtH+yfB8ziKQlAscXCZUh+:0wKU/H7yRRtHdGzAK

Score
10/10
amadeyredlinedirxsoftdiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

soft

C2

77.91.124.146:4121

Attributes
  • auth_value

    e65663e455bca3c5699650b66e76ceaa

Extracted

Family

redline

Botnet

dirx

C2

77.91.124.146:4121

Attributes
  • auth_value

    522d988f763be056e53e089f74d464cc

Targets

    • Target

      c9fe85507eef89f59dba96ec7b50dd9a8a2de45f73cd62f1b8a926e3a5f99ae1

    • Size

      1.2MB

    • MD5

      f50317c48f53767776f84e6b1d1f965e

    • SHA1

      8b3eddf9d8ef16d946f3d44dbcc6f26f8d81db39

    • SHA256

      c9fe85507eef89f59dba96ec7b50dd9a8a2de45f73cd62f1b8a926e3a5f99ae1

    • SHA512

      3a57a654d7c5fe7bf61ade9622ec1a5f5e86b93f842a9194128d5d886a0c1a2612b5911fb17141cb013ed20fc0435c590b2cc53e7a67dd0cfc8f49ee31b381d7

    • SSDEEP

      24576:BywKU/yOHbtGNBHRtH+yfB8ziKQlAscXCZUh+:0wKU/H7yRRtHdGzAK

    Score
    10/10
    amadeyredlinedirxsoftdiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks