Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Resubmissions

29-06-2022 01:00

220629-bcr4jsfdd9 10

28-06-2022 23:36

220628-3lnw2adbgm 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fd0fadecf054fd384b0964b72331387a79d621a90383706838713f086d12ee74

  • Size

    279KB

  • Sample

    220628-3lnw2adbgm

  • MD5

    e8a3b9038499e57efa0fac179995c4eb

  • SHA1

    4584bea5ef3c4d6dd4de7bc1162ab5a3000cf6d1

  • SHA256

    fd0fadecf054fd384b0964b72331387a79d621a90383706838713f086d12ee74

  • SHA512

    063874174ab32f003a26bdf2ee7651e7ff08eeac21bcc8f122a25b840f8901fbcf6ed8289f321e817bc507a86cc54b9c8e715ccc00de12735022723175d28b13

Score
10/10
recordbreakerredlinemario2infostealerspywarestealersuricata

Malware Config

Extracted

Family

redline

Botnet

mario2

C2

193.106.191.129:80

Attributes
  • auth_value

    4ef7e3fec3a418b2f0233b604d0560d9

Targets

    • Target

      fd0fadecf054fd384b0964b72331387a79d621a90383706838713f086d12ee74

    • Size

      279KB

    • MD5

      e8a3b9038499e57efa0fac179995c4eb

    • SHA1

      4584bea5ef3c4d6dd4de7bc1162ab5a3000cf6d1

    • SHA256

      fd0fadecf054fd384b0964b72331387a79d621a90383706838713f086d12ee74

    • SHA512

      063874174ab32f003a26bdf2ee7651e7ff08eeac21bcc8f122a25b840f8901fbcf6ed8289f321e817bc507a86cc54b9c8e715ccc00de12735022723175d28b13

    Score
    10/10
    recordbreakerredlinemario2infostealerspywarestealersuricata

    • RecordBreaker

      RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.

      stealerrecordbreaker

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • suricata: ET MALWARE Generic Stealer Config Download Request

      suricata: ET MALWARE Generic Stealer Config Download Request

      suricata

    • suricata: ET MALWARE Win32/RecordBreaker CnC Checkin

      suricata: ET MALWARE Win32/RecordBreaker CnC Checkin

      suricata

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks