Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2dffd7568c0b1749e9479fc50340522063996ab48af21f52964ff8e42f122ff4

  • Size

    1.8MB

  • Sample

    220422-p9gkzaggan

  • MD5

    9471b63e999c67e2526d979fe8799f47

  • SHA1

    539555532442501f2ab534c7cb6ad2b148c524b9

  • SHA256

    2dffd7568c0b1749e9479fc50340522063996ab48af21f52964ff8e42f122ff4

  • SHA512

    e35289ace98529de36549aedd7d8d3011fba1543ffe808160b61e8bfddec920beffbbadec6d53d2d2464ae4953358e52791095672a45a866f7c7475dd5b02ec0

Score
10/10
redline@ansdvsvsvdinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@ansdvsvsvd

C2

46.8.220.88:65531

Attributes
  • auth_value

    d7b874c6650abbcb219b4f56f4676fee

Targets

    • Target

      2dffd7568c0b1749e9479fc50340522063996ab48af21f52964ff8e42f122ff4

    • Size

      1.8MB

    • MD5

      9471b63e999c67e2526d979fe8799f47

    • SHA1

      539555532442501f2ab534c7cb6ad2b148c524b9

    • SHA256

      2dffd7568c0b1749e9479fc50340522063996ab48af21f52964ff8e42f122ff4

    • SHA512

      e35289ace98529de36549aedd7d8d3011fba1543ffe808160b61e8bfddec920beffbbadec6d53d2d2464ae4953358e52791095672a45a866f7c7475dd5b02ec0

    Score
    10/10
    redline@ansdvsvsvdinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks