Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b6ec4fd72986c66bc55587d261594d2511ab45cc7d25b27fe808839d65cdd57f

  • Size

    180KB

  • Sample

    220604-k36t3aggg4

  • MD5

    32f56792f2fe85c1913abaa32d95b673

  • SHA1

    112885f42b9f4bd1ba4f9ebe3ec43b63e902aeb6

  • SHA256

    b6ec4fd72986c66bc55587d261594d2511ab45cc7d25b27fe808839d65cdd57f

  • SHA512

    f41a6c72eae408a7f3004d948eaf170a2f2dff7f2f945b157c0772e1ec89e4178a12cacb9240171f081802714892840ea1d4888c52c04ab06c5ac6a69e32eabb

Score
10/10
redlinetofseexmrigmario10_05_50kcollectionevasioninfostealerminerpersistencesuricatatrojanvmprotect

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Extracted

Family

redline

Botnet

mario10_05_50k

C2

176.122.23.55:32478

Attributes
  • auth_value

    8a0f0d4d76987def30f88d91e2c0388d

Targets

    • Target

      b6ec4fd72986c66bc55587d261594d2511ab45cc7d25b27fe808839d65cdd57f

    • Size

      180KB

    • MD5

      32f56792f2fe85c1913abaa32d95b673

    • SHA1

      112885f42b9f4bd1ba4f9ebe3ec43b63e902aeb6

    • SHA256

      b6ec4fd72986c66bc55587d261594d2511ab45cc7d25b27fe808839d65cdd57f

    • SHA512

      f41a6c72eae408a7f3004d948eaf170a2f2dff7f2f945b157c0772e1ec89e4178a12cacb9240171f081802714892840ea1d4888c52c04ab06c5ac6a69e32eabb

    Score
    10/10
    redlinetofseexmrigmario10_05_50kcollectionevasioninfostealerminerpersistencesuricatatrojanvmprotect

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

      suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

      suricata

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Creates new service(s)

      persistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks