Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8a4faacc58569713cc6dd3e5337fb9aa00b404d5534cf336ef8e80e720a6dd9

  • Size

    2.5MB

  • Sample

    220802-hfpk6acad3

  • MD5

    d831772aa4ef469783de36afc3dae331

  • SHA1

    f8d5426e13889e220c58153d8461a55be0fd8a5d

  • SHA256

    f8a4faacc58569713cc6dd3e5337fb9aa00b404d5534cf336ef8e80e720a6dd9

  • SHA512

    80dbfbceb2d0dc626e127354541fd668a5815f7b7aa6922f231b2aefca5299f95b11c404125c89693f45439613226a5f9b06d0197de482d46105bc531baacef5

Score
10/10
redlinetop1infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

top1

C2

pemararslava.xyz:80

Attributes
  • auth_value

    e3ff30d1ffe0ffdb11211b351a0179a1

Targets

    • Target

      f8a4faacc58569713cc6dd3e5337fb9aa00b404d5534cf336ef8e80e720a6dd9

    • Size

      2.5MB

    • MD5

      d831772aa4ef469783de36afc3dae331

    • SHA1

      f8d5426e13889e220c58153d8461a55be0fd8a5d

    • SHA256

      f8a4faacc58569713cc6dd3e5337fb9aa00b404d5534cf336ef8e80e720a6dd9

    • SHA512

      80dbfbceb2d0dc626e127354541fd668a5815f7b7aa6922f231b2aefca5299f95b11c404125c89693f45439613226a5f9b06d0197de482d46105bc531baacef5

    Score
    10/10
    redlinetop1infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks