Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f928e292ce7f292e7085024c89d3ea0afd6df8bdd79f62b900c5170da0e73851

  • Size

    1.2MB

  • Sample

    230502-jhrc7sbh7z

  • MD5

    43db08e696387d3b676eb9f6e7b99e9e

  • SHA1

    a974be70dbc6c7f6ffb868665a9e4f80f0c59d04

  • SHA256

    f928e292ce7f292e7085024c89d3ea0afd6df8bdd79f62b900c5170da0e73851

  • SHA512

    30932fd9c8157920184ab55a0315fdbe0eface1f1bf318bf962bab5dfddb8f69e7e3e7a30c0e80d28f5b0a73d64b88b948309ac0669e16a72bb5a81193003a8f

  • SSDEEP

    24576:hyKUbHZli21E3CNBt1ZD/B8s5a7G6vXXtSuhgDPSOe3JbEsdwR9pE+DN:UKUbHBG381ZD/B8b71vX9Vd5bdiRPr

Score
10/10
amadeyredlinegenaluserdiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

luser

C2

185.161.248.73:4164

Attributes
  • auth_value

    cf14a84de9a3b6b7b8981202f3b616fb

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

    • Target

      f928e292ce7f292e7085024c89d3ea0afd6df8bdd79f62b900c5170da0e73851

    • Size

      1.2MB

    • MD5

      43db08e696387d3b676eb9f6e7b99e9e

    • SHA1

      a974be70dbc6c7f6ffb868665a9e4f80f0c59d04

    • SHA256

      f928e292ce7f292e7085024c89d3ea0afd6df8bdd79f62b900c5170da0e73851

    • SHA512

      30932fd9c8157920184ab55a0315fdbe0eface1f1bf318bf962bab5dfddb8f69e7e3e7a30c0e80d28f5b0a73d64b88b948309ac0669e16a72bb5a81193003a8f

    • SSDEEP

      24576:hyKUbHZli21E3CNBt1ZD/B8s5a7G6vXXtSuhgDPSOe3JbEsdwR9pE+DN:UKUbHBG381ZD/B8b71vX9Vd5bdiRPr

    Score
    10/10
    amadeyredlinegenaluserdiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks