Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7bb6fd5818eb06394627ff09f956d73cb9c22827d2b4af0668658b2ebea46ee1

  • Size

    390KB

  • Sample

    220706-mmwp9sdga7

  • MD5

    08711f16e027176a55d1168e16064eab

  • SHA1

    bfadca8030deb05ef9a2bbadfd9ef4207c761fca

  • SHA256

    7bb6fd5818eb06394627ff09f956d73cb9c22827d2b4af0668658b2ebea46ee1

  • SHA512

    67e825afcff7a1018b9876cc153d4f5752eb6c7da9f7763660ebde5dff5665694ae0516d510a0261c2331e9362a6b8d2ef3451d3001a061a9419960e1fb2fbdb

Score
10/10
redlinekristdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Krist

C2

193.106.191.81:23196

Attributes
  • auth_value

    7d4ae8db7dd902559e9da29b75799e68

Targets

    • Target

      7bb6fd5818eb06394627ff09f956d73cb9c22827d2b4af0668658b2ebea46ee1

    • Size

      390KB

    • MD5

      08711f16e027176a55d1168e16064eab

    • SHA1

      bfadca8030deb05ef9a2bbadfd9ef4207c761fca

    • SHA256

      7bb6fd5818eb06394627ff09f956d73cb9c22827d2b4af0668658b2ebea46ee1

    • SHA512

      67e825afcff7a1018b9876cc153d4f5752eb6c7da9f7763660ebde5dff5665694ae0516d510a0261c2331e9362a6b8d2ef3451d3001a061a9419960e1fb2fbdb

    Score
    10/10
    redlinekristdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks