Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a1484900470ab003ae61e404e5cca24ab4c6e7dae3670c96a5501dfd6d70d4f6

  • Size

    364KB

  • Sample

    211019-na5cbagfbp

  • MD5

    abe03d36fda8d7c04ec29044850ca464

  • SHA1

    107256547b200a92c335fecfa1ed551039876bd3

  • SHA256

    a1484900470ab003ae61e404e5cca24ab4c6e7dae3670c96a5501dfd6d70d4f6

  • SHA512

    4f27bc4d0ee9227a90abcdf6f71c80f7e27019c996f2e4d26509c758a496bc424c2368925f10feacda71b089a15a7c741705cb4b03914763aa382b0780883bb4

Score
10/10
redlineudpdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.182:52236

Targets

    • Target

      a1484900470ab003ae61e404e5cca24ab4c6e7dae3670c96a5501dfd6d70d4f6

    • Size

      364KB

    • MD5

      abe03d36fda8d7c04ec29044850ca464

    • SHA1

      107256547b200a92c335fecfa1ed551039876bd3

    • SHA256

      a1484900470ab003ae61e404e5cca24ab4c6e7dae3670c96a5501dfd6d70d4f6

    • SHA512

      4f27bc4d0ee9227a90abcdf6f71c80f7e27019c996f2e4d26509c758a496bc424c2368925f10feacda71b089a15a7c741705cb4b03914763aa382b0780883bb4

    Score
    10/10
    redlineudpdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks