Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    27f3c1f2ed0d1d063648bec4bd50efa60951f1bd2f51f7a84d5462c90bf406b5

  • Size

    560KB

  • Sample

    230805-wdak4sfb9y

  • MD5

    12b81ed24cdafdcd155f739cc091495b

  • SHA1

    aab1d1e0eb9a4e215767049fd942a80f04095f73

  • SHA256

    27f3c1f2ed0d1d063648bec4bd50efa60951f1bd2f51f7a84d5462c90bf406b5

  • SHA512

    0ee01be2e0e36a2c7573ada1366be5b8b3a2868507451bea28feee28aaae59c388e645ee3113ff41d18279144bb4daaa14a7788eea45da470cc3aaad70e5f0b7

  • SSDEEP

    12288:pMrIy90id9SVLkdF3rlYEBFieQ/5dZyh:JyiV0rlYUFA5dK

Score
10/10
amadeyhealerredlinestealcsavindropperevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

193.233.255.9/nasa/index.php

Extracted

Family

redline

Botnet

savin

C2

77.91.124.156:19071

Attributes
  • auth_value

    a1a05b810428195ab7bb63b132ea0c8d

Extracted

Family

stealc

C2

http://77.73.131.100/a2f524d70db7d1a7.php

Targets

    • Target

      27f3c1f2ed0d1d063648bec4bd50efa60951f1bd2f51f7a84d5462c90bf406b5

    • Size

      560KB

    • MD5

      12b81ed24cdafdcd155f739cc091495b

    • SHA1

      aab1d1e0eb9a4e215767049fd942a80f04095f73

    • SHA256

      27f3c1f2ed0d1d063648bec4bd50efa60951f1bd2f51f7a84d5462c90bf406b5

    • SHA512

      0ee01be2e0e36a2c7573ada1366be5b8b3a2868507451bea28feee28aaae59c388e645ee3113ff41d18279144bb4daaa14a7788eea45da470cc3aaad70e5f0b7

    • SSDEEP

      12288:pMrIy90id9SVLkdF3rlYEBFieQ/5dZyh:JyiV0rlYUFA5dK

    Score
    10/10
    amadeyhealerredlinestealcsavindropperevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks