Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce8818f746137a40d8e2cfd1cdbd8fb2dc4976d663241230188aff6bcfb16d90

  • Size

    415KB

  • Sample

    211022-nt5gescdfj

  • MD5

    c1c03cbddff776182b7308e0771a2ef2

  • SHA1

    9e686940aa127194781b4096393fbe04ff8cca8d

  • SHA256

    ce8818f746137a40d8e2cfd1cdbd8fb2dc4976d663241230188aff6bcfb16d90

  • SHA512

    f1ecae60c4d8201c26437527d7f49114479e17f2ddb1f891b75c160de9bcb604d522fb03c9fedcdce3dee54d47269bf957ab9faff3842c59326f5639e0a27845

Score
10/10
redlinebtc-2021discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

BTC-2021

C2

2.56.214.190:59628

Targets

    • Target

      ce8818f746137a40d8e2cfd1cdbd8fb2dc4976d663241230188aff6bcfb16d90

    • Size

      415KB

    • MD5

      c1c03cbddff776182b7308e0771a2ef2

    • SHA1

      9e686940aa127194781b4096393fbe04ff8cca8d

    • SHA256

      ce8818f746137a40d8e2cfd1cdbd8fb2dc4976d663241230188aff6bcfb16d90

    • SHA512

      f1ecae60c4d8201c26437527d7f49114479e17f2ddb1f891b75c160de9bcb604d522fb03c9fedcdce3dee54d47269bf957ab9faff3842c59326f5639e0a27845

    Score
    10/10
    redlinebtc-2021discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks