Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    97065afc8129f06a5c3d894f9c43785aa0d688d90d55ace1eb970aafb01f007a

  • Size

    583KB

  • Sample

    230616-l346xaed37

  • MD5

    023027fcbaacea9a8b6893e2a339cab6

  • SHA1

    74019c32568d7a71161c9ad13f775f5fc71d78d1

  • SHA256

    97065afc8129f06a5c3d894f9c43785aa0d688d90d55ace1eb970aafb01f007a

  • SHA512

    3089b0ff911a9d7c323dc2e153cd86eb49292f74011a99137f148f59cd3d170a13b18cb8fdf8b0b1ef7b2ffbfca86c7b4dc141c2575e4f74b0bed01fdf19b767

  • SSDEEP

    6144:Kiy+bnr+gp0yN90QEG5cpzoD03fFSpf0KeS3VpHkWzjZNSPRWAcrIoPKOk7Bi86n:6Mrky90mQ39aZLTfEoyOKkrhThtW4QY

Score
10/10
amadeyredlinedanajokerdiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

dana

C2

83.97.73.130:19061

Attributes
  • auth_value

    da2d1691db653e49676d799e1eae2673

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Extracted

Family

redline

Botnet

joker

C2

83.97.73.130:19061

Attributes
  • auth_value

    a98d303cc28bb3b32a23c59214ae3bc0

Targets

    • Target

      97065afc8129f06a5c3d894f9c43785aa0d688d90d55ace1eb970aafb01f007a

    • Size

      583KB

    • MD5

      023027fcbaacea9a8b6893e2a339cab6

    • SHA1

      74019c32568d7a71161c9ad13f775f5fc71d78d1

    • SHA256

      97065afc8129f06a5c3d894f9c43785aa0d688d90d55ace1eb970aafb01f007a

    • SHA512

      3089b0ff911a9d7c323dc2e153cd86eb49292f74011a99137f148f59cd3d170a13b18cb8fdf8b0b1ef7b2ffbfca86c7b4dc141c2575e4f74b0bed01fdf19b767

    • SSDEEP

      6144:Kiy+bnr+gp0yN90QEG5cpzoD03fFSpf0KeS3VpHkWzjZNSPRWAcrIoPKOk7Bi86n:6Mrky90mQ39aZLTfEoyOKkrhThtW4QY

    Score
    10/10
    amadeyredlinedanajokerdiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks