Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec9982a34d254f2d78122c3409e2bed7295abbe83c736e746f5037f1bbdf9c6c

  • Size

    517KB

  • Sample

    210930-t36czaaccr

  • MD5

    938702a6263e5cb70e29162cd8d3da88

  • SHA1

    48010fec2862ebe56ae93dbf18433515f5aab780

  • SHA256

    ec9982a34d254f2d78122c3409e2bed7295abbe83c736e746f5037f1bbdf9c6c

  • SHA512

    fa3707244dc98b127f3c4d6d5266ad976b3fdd85a5ada45f7b5f07c71f5c18d27058bd40d54a56caa9084b41669c2a9ce907cbc01eeb3af7c78f31841ca33a1d

Score
10/10
redline@big_tastyyyinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@big_tastyyy

C2

87.251.71.44:80

Targets

    • Target

      ec9982a34d254f2d78122c3409e2bed7295abbe83c736e746f5037f1bbdf9c6c

    • Size

      517KB

    • MD5

      938702a6263e5cb70e29162cd8d3da88

    • SHA1

      48010fec2862ebe56ae93dbf18433515f5aab780

    • SHA256

      ec9982a34d254f2d78122c3409e2bed7295abbe83c736e746f5037f1bbdf9c6c

    • SHA512

      fa3707244dc98b127f3c4d6d5266ad976b3fdd85a5ada45f7b5f07c71f5c18d27058bd40d54a56caa9084b41669c2a9ce907cbc01eeb3af7c78f31841ca33a1d

    Score
    10/10
    redline@big_tastyyyinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks