General

  • Target: cabb827f972630f6eda1bed7680632776741722fc12b260164a29ab9abd4a092
  • Size: 363KB
  • Sample: 211019-kypd8agdbn
  • MD5: 085e30bfb589c3535048ecebf4df2301
  • SHA1: 002dc50751e39b200abe84d40a8fc6ca3eeb0d99
  • SHA256: cabb827f972630f6eda1bed7680632776741722fc12b260164a29ab9abd4a092
  • SHA512: b42e315b9cdf0f5af23ae543cad019f90e7e0f87ce5ab2565ccc56585ea493aa5a28844968737f2b1dc2bf10af26e349786954599302a2cba58fe69820739803

Malware Config

Extracted

  • Family: redline
  • Botnet: PUB
  • C2: 45.9.20.182:52236

Targets

    • Target: cabb827f972630f6eda1bed7680632776741722fc12b260164a29ab9abd4a092

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
