Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    792deb452983410ca8d4cc963c27363a5b5810a26114bfde915779a60fdf1491

  • Size

    2.5MB

  • Sample

    220731-gvqakacaa5

  • MD5

    271530a1d3e1e350f2e0bcb0e1ce3ec9

  • SHA1

    6a01d696d6651ca5554e6d69b29e657bf5105699

  • SHA256

    792deb452983410ca8d4cc963c27363a5b5810a26114bfde915779a60fdf1491

  • SHA512

    c598083eff36649cccb30fc785ef5366247a5f1f7082ddd77d684a4fa6e2acb74990c9f8ddfcc69e41d200706b4c598564668f1faadf9bb9043e9d02b8bf2169

Score
10/10
redlinetop1infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

top1

C2

pemararslava.xyz:80

Attributes
  • auth_value

    e3ff30d1ffe0ffdb11211b351a0179a1

Targets

    • Target

      792deb452983410ca8d4cc963c27363a5b5810a26114bfde915779a60fdf1491

    • Size

      2.5MB

    • MD5

      271530a1d3e1e350f2e0bcb0e1ce3ec9

    • SHA1

      6a01d696d6651ca5554e6d69b29e657bf5105699

    • SHA256

      792deb452983410ca8d4cc963c27363a5b5810a26114bfde915779a60fdf1491

    • SHA512

      c598083eff36649cccb30fc785ef5366247a5f1f7082ddd77d684a4fa6e2acb74990c9f8ddfcc69e41d200706b4c598564668f1faadf9bb9043e9d02b8bf2169

    Score
    10/10
    redlinetop1infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks