Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    8145c9923d9e26b5dd8b4d1ccbe96a725f7e8461f97a085feca9bc601153e1a3

  • Size

    641KB

  • Sample

    230802-vxhv6aga66

  • MD5

    ab837b028c4a296f3e79be807f1ff844

  • SHA1

    848c29e1c0073504e90c5957f82c78659d768115

  • SHA256

    8145c9923d9e26b5dd8b4d1ccbe96a725f7e8461f97a085feca9bc601153e1a3

  • SHA512

    7b6f7a4706e95aa3f5a2047a1e3fe3188528182cd09d145368aa5f0cbd8f722ae8841cd2e0b6e50b3950cd3863ccadac075f2809947c8c0194de18b0095f1dd5

  • SSDEEP

    12288:FMrKy9090drEICTnD+XOLBz/CqqywihiA1Ra5H2vOSzy/+jUh:rym0dazCQtqq7PidQOSzy/+jUh

Score
10/10
amadeyhealerredlinesmokeloadermaxikbackdoordropperevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

maxik

C2

77.91.124.156:19071

Attributes
  • auth_value

    a7714e1bc167c67e3fc8f9e368352269

Targets

    • Target

      8145c9923d9e26b5dd8b4d1ccbe96a725f7e8461f97a085feca9bc601153e1a3

    • Size

      641KB

    • MD5

      ab837b028c4a296f3e79be807f1ff844

    • SHA1

      848c29e1c0073504e90c5957f82c78659d768115

    • SHA256

      8145c9923d9e26b5dd8b4d1ccbe96a725f7e8461f97a085feca9bc601153e1a3

    • SHA512

      7b6f7a4706e95aa3f5a2047a1e3fe3188528182cd09d145368aa5f0cbd8f722ae8841cd2e0b6e50b3950cd3863ccadac075f2809947c8c0194de18b0095f1dd5

    • SSDEEP

      12288:FMrKy9090drEICTnD+XOLBz/CqqywihiA1Ra5H2vOSzy/+jUh:rym0dazCQtqq7PidQOSzy/+jUh

    Score
    10/10
    amadeyhealerredlinesmokeloadermaxikbackdoordropperevasioninfostealerpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks