Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    b0e219e1659f10daa8909204dc563b61c62fd6ea7a034414ca418d8bcc1eec9f

  • Size

    799KB

  • Sample

    230617-d526bsaa65

  • MD5

    de1f5bc0b72060ff260257734f9c5a66

  • SHA1

    bd7c6c4378516d9c9ac015db5428778e5fb8a9a3

  • SHA256

    b0e219e1659f10daa8909204dc563b61c62fd6ea7a034414ca418d8bcc1eec9f

  • SHA512

    ecf356ccbb037f1e5b2549ef7326f35466570657dd41dfedac63908b564d44f3ab3ece8d24fa987717ef5b4146a027a22fd16564897ae22bdbd067d749f96d99

  • SSDEEP

    12288:OMrXy906VeEbbvB8FGt5Gvf8rB75gLJC/8Pi6to6xv4Imt545ambEjLWakAAEAte:dyxByBYp5OjPiV6xv4I84513akKB

Score
10/10
amadeyredlinegregamedodiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

grega

C2

83.97.73.130:19061

Attributes
  • auth_value

    16e2fbc2847b2270b3f0679e2dd76c8d

Extracted

Family

redline

Botnet

medo

C2

83.97.73.130:19061

Attributes
  • auth_value

    f42b958077ee5abcccfea8daf5e27d13

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Targets

    • Target

      b0e219e1659f10daa8909204dc563b61c62fd6ea7a034414ca418d8bcc1eec9f

    • Size

      799KB

    • MD5

      de1f5bc0b72060ff260257734f9c5a66

    • SHA1

      bd7c6c4378516d9c9ac015db5428778e5fb8a9a3

    • SHA256

      b0e219e1659f10daa8909204dc563b61c62fd6ea7a034414ca418d8bcc1eec9f

    • SHA512

      ecf356ccbb037f1e5b2549ef7326f35466570657dd41dfedac63908b564d44f3ab3ece8d24fa987717ef5b4146a027a22fd16564897ae22bdbd067d749f96d99

    • SSDEEP

      12288:OMrXy906VeEbbvB8FGt5Gvf8rB75gLJC/8Pi6to6xv4Imt545ambEjLWakAAEAte:dyxByBYp5OjPiV6xv4I84513akKB

    Score
    10/10
    amadeyredlinegregamedodiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks