General

  • Target

    6c73a82f77237b6fe7b2bd7d71cfc78cf7daa49202184e0cfb2cda1816922188

  • Size

    735KB

  • Sample

    230616-3yy8jaha5z

  • MD5

    eb33a69eb74b70dd48cae20c6ca89e9d

  • SHA1

    6bb737b358fe01d4e42a7092f2ae7729d2971c21

  • SHA256

    6c73a82f77237b6fe7b2bd7d71cfc78cf7daa49202184e0cfb2cda1816922188

  • SHA512

    11a1cb0031ee1dbd04c60f077c15e613a9b917feff70ae68612ed14ad5bffd1bb6f5f534db1ba07b9defc587a4fc735ae658e7224072bd0fd1c200d1a2515618

  • SSDEEP

    12288:gMr/y90Er6BW2/D9IE3ukefB2oMH78TyNkr5LnjZI9MKdrHk6v+FLuHx7vLHk4mz:vy7rAWrE3m0H+kIO9MKdrEY/L+z

Malware Config

Extracted

Family

redline

Botnet

dedo

C2

83.97.73.130:19061

Attributes
  • auth_value

    ac76f7438fbe49011f900c651cb85e26

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Extracted

Family

redline

Botnet

grega

C2

83.97.73.130:19061

Attributes
  • auth_value

    16e2fbc2847b2270b3f0679e2dd76c8d

Targets

    • Target

      6c73a82f77237b6fe7b2bd7d71cfc78cf7daa49202184e0cfb2cda1816922188

    • Size

      735KB

    • MD5

      eb33a69eb74b70dd48cae20c6ca89e9d

    • SHA1

      6bb737b358fe01d4e42a7092f2ae7729d2971c21

    • SHA256

      6c73a82f77237b6fe7b2bd7d71cfc78cf7daa49202184e0cfb2cda1816922188

    • SHA512

      11a1cb0031ee1dbd04c60f077c15e613a9b917feff70ae68612ed14ad5bffd1bb6f5f534db1ba07b9defc587a4fc735ae658e7224072bd0fd1c200d1a2515618

    • SSDEEP

      12288:gMr/y90Er6BW2/D9IE3ukefB2oMH78TyNkr5LnjZI9MKdrHk6v+FLuHx7vLHk4mz:vy7rAWrE3m0H+kIO9MKdrEY/L+z

    • Amadey

      Amadey is a simple trojan bot primarily used for collecting reconnaissance information about the infected host.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running the payload.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, session cookies and autofill entries.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
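The behaviours listed above and the C2 values in the extracted configs translate directly into detection logic. The block below is an added example, not the sandbox's own signatures or trace format: the registry paths are the standard Windows locations behind each listed behaviour, the API-trace record layout (dicts with an `api` field) is an assumed simplified format, and the two traces are constructed for illustration rather than taken from this run.

```python
"""Report-style findings from a simplified API trace (added example).

The rule set approximates the behaviours this report lists; the trace
format and the sample traces are constructed, not sandbox output.
"""
import re

# C2 values copied from the extracted configs in this report.
REDLINE_C2 = {("83.97.73.130", 19061)}
AMADEY_C2 = ("77.91.68.63", "/doma/net/index.php")

# Registry locations behind the listed behaviours: (APIs that count, key pattern).
RULES = {
    # Persistence: a value written under a Run or RunOnce key.
    "Adds Run key to start application": (
        {"RegSetValueExW"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I),
    ),
    # Defender tampering, e.g. DisableRealtimeMonitoring under the policy key.
    "Modifies Windows Defender Real-time Protection settings": (
        {"RegSetValueExW"},
        re.compile(r"\\Windows Defender\\Real-Time Protection$", re.I),
    ),
    # Software enumeration via the Uninstall key.
    "Checks installed software on the system": (
        {"RegOpenKeyExW", "RegEnumKeyExW"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I),
    ),
    # Geofence check: the Nation value under Control Panel\International\Geo.
    "Checks computer location settings": (
        {"RegOpenKeyExW", "RegQueryValueExW"},
        re.compile(r"\\Control Panel\\International\\Geo$", re.I),
    ),
}


def classify(trace):
    """Return the sorted list of findings produced by one API trace."""
    findings = set()
    dropped = set()  # lower-cased paths of .exe files the process wrote
    for call in trace:
        api = call["api"]
        if api == "WriteFile" and call.get("path", "").lower().endswith(".exe"):
            dropped.add(call["path"].lower())
        elif api == "CreateProcessW" and call.get("image", "").lower() in dropped:
            findings.add("Executes dropped EXE")
        elif api == "connect" and (call.get("dst"), call.get("port")) in REDLINE_C2:
            findings.add("RedLine C2 (83.97.73.130:19061)")
        elif api == "HttpSendRequestW" and (call.get("host"), call.get("path")) == AMADEY_C2:
            findings.add("Amadey C2 (77.91.68.63/doma/net/index.php)")
        elif api.startswith("Reg"):
            for name, (apis, key_re) in RULES.items():
                if api in apis and key_re.search(call.get("key", "")):
                    findings.add(name)
    return sorted(findings)


# Constructed trace mimicking the behaviours in this report (not real data).
SAMPLE_TRACE = [
    {"api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"api": "RegEnumKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "WriteFile", "path": r"C:\Users\user\AppData\Local\Temp\drop.exe"},
    {"api": "CreateProcessW", "image": r"C:\Users\user\AppData\Local\Temp\drop.exe"},
    {"api": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "drop", "data": r"C:\Users\user\AppData\Local\Temp\drop.exe"},
    {"api": "RegSetValueExW",
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 1},
    {"api": "connect", "dst": "83.97.73.130", "port": 19061},
    {"api": "HttpSendRequestW", "host": "77.91.68.63", "path": "/doma/net/index.php"},
]

# Constructed benign trace: locale read (not Geo), ordinary TLS, system binary.
BENIGN_TRACE = [
    {"api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International", "value": "Locale"},
    {"api": "connect", "dst": "93.184.216.34", "port": 443},
    {"api": "CreateProcessW", "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for finding in classify(SAMPLE_TRACE):
        print("-", finding)
    print("benign findings:", classify(BENIGN_TRACE))
```

Reads of the Uninstall and Geo keys are only visible in API-level traces such as a sandbox produces; Sysmon logs registry writes (event IDs 12 and 13) but not reads, so on an EDR feed the last two rules need a different source.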

MITRE ATT&CK Enterprise v6

Tasks