General

  • Target

    c38d8323e87fb8002f74a01c5a21bbbd0e7673c18d990e69d2f32b3c7ed20041

  • Size

    560KB

  • Sample

    230803-xwdk6afg55

  • MD5

    bb22f32da0e1e9508f256a6f17e120d6

  • SHA1

    4937bb143ed49bce22956a2913435f2b89fb2e26

  • SHA256

    c38d8323e87fb8002f74a01c5a21bbbd0e7673c18d990e69d2f32b3c7ed20041

  • SHA512

    4dd2ade575d04e12b48e9fa4e67c9b46aab9b4fd3bf25d5bf6f5c1b2eaff46c108dc9081bc82ea01b97f433b24f487853d2e0ca1416dd4138272447b302db5eb

  • SSDEEP

    12288:qMruy90k4nYC7uud3hEPpRS+mEMnAym0Cin1M3qW6st1:Yy5UYSIDmLAyPCuGZpt1

Malware Config

Extracted

Family

amadey

Version

3.87

C2

193.233.255.9/nasa/index.php

Extracted

Family

redline

Botnet

maxik

C2

77.91.124.156:19071

Attributes
  • auth_value

    a7714e1bc167c67e3fc8f9e368352269

Targets

    • Target

      c38d8323e87fb8002f74a01c5a21bbbd0e7673c18d990e69d2f32b3c7ed20041

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
