General

  • Target

    1a220439a2baaad79fcc94c8f3eeeb2f24cd18e60fd164d8d853d33a0686e16b

  • Size

    240KB

  • Sample

    210927-aglxnafdg9

  • MD5

    7a2ae9b70dd7eab7eb296ae9f35ece98

  • SHA1

    bdf993fa52af0235c6346060de41ba3a382c1283

  • SHA256

    1a220439a2baaad79fcc94c8f3eeeb2f24cd18e60fd164d8d853d33a0686e16b

  • SHA512

    8fc4afa170f0a73f8f63b7b075d6484396ed6dacfc58c9d43140c1cc389f544f91814ec4fc0c3865e29449324a9674a770ee2cb2d16e41f2ee9e25b5669d0fef

Malware Config

Extracted

  • Family

    redline

  • Botnet

    UTS

  • C2

    45.9.20.20:13441

Targets

    • Target

      1a220439a2baaad79fcc94c8f3eeeb2f24cd18e60fd164d8d853d33a0686e16b

    • Size

      240KB

    • MD5

      7a2ae9b70dd7eab7eb296ae9f35ece98

    • SHA1

      bdf993fa52af0235c6346060de41ba3a382c1283

    • SHA256

      1a220439a2baaad79fcc94c8f3eeeb2f24cd18e60fd164d8d853d33a0686e16b

    • SHA512

      8fc4afa170f0a73f8f63b7b075d6484396ed6dacfc58c9d43140c1cc389f544f91814ec4fc0c3865e29449324a9674a770ee2cb2d16e41f2ee9e25b5669d0fef

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks