Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    de5635d42f03a3bc24329303792c640d993dccda9737b106aff9ef7b55e60498

  • Size

    364KB

  • Sample

    211019-pc4n8sgffr

  • MD5

    0aa1e62a1d99ce66aa458c4720cd3e2b

  • SHA1

    f298d5168ba4cd5859809de358266efbab98c8c3

  • SHA256

    de5635d42f03a3bc24329303792c640d993dccda9737b106aff9ef7b55e60498

  • SHA512

    821559b84de091b4f35bca4dcdbe2d79b3c3533b614921a90b74ae313118081f86aeab015a27e0607046b1817681568ef8143d8879f06afb4757fa5f2d8cc8f3

Score
10/10
redlinepubdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

PUB

C2

45.9.20.182:52236

Targets

    • Target

      de5635d42f03a3bc24329303792c640d993dccda9737b106aff9ef7b55e60498

    • Size

      364KB

    • MD5

      0aa1e62a1d99ce66aa458c4720cd3e2b

    • SHA1

      f298d5168ba4cd5859809de358266efbab98c8c3

    • SHA256

      de5635d42f03a3bc24329303792c640d993dccda9737b106aff9ef7b55e60498

    • SHA512

      821559b84de091b4f35bca4dcdbe2d79b3c3533b614921a90b74ae313118081f86aeab015a27e0607046b1817681568ef8143d8879f06afb4757fa5f2d8cc8f3

    Score
    10/10
    redlinepubdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks