General

  • Target

    d7505d5f6388fa279fa00ceda00ed9566b792132a29014d1e4bc0719e837ad9f

  • Size

    556KB

  • Sample

    230808-f7kp6sag73

  • MD5

    6fb444257f92d158dab599b6f3911a94

  • SHA1

    341d06bdda9b31ab21a54ff402fe360a508f6bba

  • SHA256

    d7505d5f6388fa279fa00ceda00ed9566b792132a29014d1e4bc0719e837ad9f

  • SHA512

    ef29f092ca96792faae86928be4d8717c7e213a8ac46d566fdb600a1863182393f08f984b05495e25a551f0e6d70dda042510c4d69f7d8e5f8a3f4d5edc2d0a6

  • SSDEEP

    12288:yMrEy90rW9x1iM5HyEQ10AJvKyX1GzdXNDad:ayztyjBK1dYd

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

redline

Botnet

dodge

C2

77.91.124.156:19071

Attributes
  • auth_value

    3372223e987be2a16148c072df30163d

Targets

    • Target

      d7505d5f6388fa279fa00ceda00ed9566b792132a29014d1e4bc0719e837ad9f

    • Size

      556KB

    • MD5

      6fb444257f92d158dab599b6f3911a94

    • SHA1

      341d06bdda9b31ab21a54ff402fe360a508f6bba

    • SHA256

      d7505d5f6388fa279fa00ceda00ed9566b792132a29014d1e4bc0719e837ad9f

    • SHA512

      ef29f092ca96792faae86928be4d8717c7e213a8ac46d566fdb600a1863182393f08f984b05495e25a551f0e6d70dda042510c4d69f7d8e5f8a3f4d5edc2d0a6

    • SSDEEP

      12288:yMrEy90rW9x1iM5HyEQ10AJvKyX1GzdXNDad:ayztyjBK1dYd

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
