Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a43e06bcb221f023a05ecd2dffc305cab8ccd8ef9437746237047f67dbcdfb0f

  • Size

    290KB

  • Sample

    220607-zazmlsbcf7

  • MD5

    4a64f2d33923c007c5f2cd9a964eb35c

  • SHA1

    9f95d5b12fa3e3eb742b1c7115c395884fd9c5bf

  • SHA256

    a43e06bcb221f023a05ecd2dffc305cab8ccd8ef9437746237047f67dbcdfb0f

  • SHA512

    3cae084ff3ea61d054812942a5d66f7471055ff788ec6f4d499ad86ebd430e93c9dd576ac5611c139d4269e9431278ec07ade20ebb1fa4aef1e6a95064e92213

Score
10/10
redline9-5infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

9-5

C2

139.99.32.83:43199

Attributes
  • auth_value

    637de2b47f42d9cc7912f71cb6b57b5b

Targets

    • Target

      a43e06bcb221f023a05ecd2dffc305cab8ccd8ef9437746237047f67dbcdfb0f

    • Size

      290KB

    • MD5

      4a64f2d33923c007c5f2cd9a964eb35c

    • SHA1

      9f95d5b12fa3e3eb742b1c7115c395884fd9c5bf

    • SHA256

      a43e06bcb221f023a05ecd2dffc305cab8ccd8ef9437746237047f67dbcdfb0f

    • SHA512

      3cae084ff3ea61d054812942a5d66f7471055ff788ec6f4d499ad86ebd430e93c9dd576ac5611c139d4269e9431278ec07ade20ebb1fa4aef1e6a95064e92213

    Score
    10/10
    redline9-5infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks