Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a60fe3db2dc6f8d10c7cc96ca630303c45c13132aedbd010fe66c77ddc29663f

  • Size

    445KB

  • Sample

    220810-j3nstahch6

  • MD5

    12ec363656fe1f674bc35881733a8ffa

  • SHA1

    0d7fdc3f8c0479367ae25ce4769098cd9c159e0f

  • SHA256

    a60fe3db2dc6f8d10c7cc96ca630303c45c13132aedbd010fe66c77ddc29663f

  • SHA512

    dd0a96bc027db0eda7aaa3dc50785e63fccd9886b2ebef4cbbea4314af1b6a4e7ddf0734310dfa46b54fb0c6c14befe9bcd3ec1c5ccccf49706ac8702b92f6e5

Score
10/10
redlineruzkidiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

ruzki

C2

193.106.191.165:39482

Attributes
  • auth_value

    71a0558c0eea274a5bd617ea85786884

Targets

    • Target

      a60fe3db2dc6f8d10c7cc96ca630303c45c13132aedbd010fe66c77ddc29663f

    • Size

      445KB

    • MD5

      12ec363656fe1f674bc35881733a8ffa

    • SHA1

      0d7fdc3f8c0479367ae25ce4769098cd9c159e0f

    • SHA256

      a60fe3db2dc6f8d10c7cc96ca630303c45c13132aedbd010fe66c77ddc29663f

    • SHA512

      dd0a96bc027db0eda7aaa3dc50785e63fccd9886b2ebef4cbbea4314af1b6a4e7ddf0734310dfa46b54fb0c6c14befe9bcd3ec1c5ccccf49706ac8702b92f6e5

    Score
    10/10
    redlineruzkidiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks