General

  • Target

    c98f27d1e32b6590f39a113393ef982530a875eede5987d2e78924d9e4a792b4

  • Size

    723KB

  • Sample

    230615-2t1p5abf73

  • MD5

    99e9266bb5ab613df553a48e6f3dafba

  • SHA1

    795a831b80cc5bb7195973c89c2b3701345db3eb

  • SHA256

    c98f27d1e32b6590f39a113393ef982530a875eede5987d2e78924d9e4a792b4

  • SHA512

    798b4d731c73cdcca248d8151dcdd295d6301269ee01f1f660ad4a022c3da2d671c7b9666f0c1f4aed2bbebf76da0591cda8ad99ec2cafc2706234594fba8ed0

  • SSDEEP

    12288:HMrBy90/WQLPq38LjxZ2mO6668yy2xfA9tLEt3I/TeS8/K34E5YTOqPxKo:2ySZLqEjxLF6sPfQSC17I8YTO6

Malware Config

Extracted

Family

redline

Botnet

dana

C2

83.97.73.130:19061

Attributes

  • auth_value

    da2d1691db653e49676d799e1eae2673

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Extracted

Family

redline

Botnet

joker

C2

83.97.73.130:19061

Attributes

  • auth_value

    a98d303cc28bb3b32a23c59214ae3bc0

Targets

    • Target

      c98f27d1e32b6590f39a113393ef982530a875eede5987d2e78924d9e4a792b4

    • Size

      723KB

    • MD5

      99e9266bb5ab613df553a48e6f3dafba

    • SHA1

      795a831b80cc5bb7195973c89c2b3701345db3eb

    • SHA256

      c98f27d1e32b6590f39a113393ef982530a875eede5987d2e78924d9e4a792b4

    • SHA512

      798b4d731c73cdcca248d8151dcdd295d6301269ee01f1f660ad4a022c3da2d671c7b9666f0c1f4aed2bbebf76da0591cda8ad99ec2cafc2706234594fba8ed0

    • SSDEEP

      12288:HMrBy90/WQLPq38LjxZ2mO6668yy2xfA9tLEt3I/TeS8/K34E5YTOqPxKo:2ySZLqEjxLF6sPfQSC17I8YTO6

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks