Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    78ac30db2617db407a39162d8bf963705cbffa575648b65ddeb26ff9431243e0

  • Size

    290KB

  • Sample

    220607-syr44seddr

  • MD5

    a268805ffcc0978922cbb3d250e16525

  • SHA1

    d16ac00d687f608e76cde95f87473c91b58679e0

  • SHA256

    78ac30db2617db407a39162d8bf963705cbffa575648b65ddeb26ff9431243e0

  • SHA512

    1163e1b1d69877cc6b43412269fdada33fd36dd94e461c2dc61f1a9046bd78c7da3d3b89964cc2332f47054256696bc295fcce9c67c4de1b41906d5555e4f75e

Score
10/10
redline9-5infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

9-5

C2

139.99.32.83:43199

Attributes
  • auth_value

    637de2b47f42d9cc7912f71cb6b57b5b

Targets

    • Target

      78ac30db2617db407a39162d8bf963705cbffa575648b65ddeb26ff9431243e0

    • Size

      290KB

    • MD5

      a268805ffcc0978922cbb3d250e16525

    • SHA1

      d16ac00d687f608e76cde95f87473c91b58679e0

    • SHA256

      78ac30db2617db407a39162d8bf963705cbffa575648b65ddeb26ff9431243e0

    • SHA512

      1163e1b1d69877cc6b43412269fdada33fd36dd94e461c2dc61f1a9046bd78c7da3d3b89964cc2332f47054256696bc295fcce9c67c4de1b41906d5555e4f75e

    Score
    10/10
    redline9-5infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks