Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    442e4ac20bf464693191725ebc0312d565365195a110fc36c1ac7ee0d7a57901

  • Size

    354KB

  • Sample

    220812-k1e9bsbcfn

  • MD5

    a2379ee016504345cdca39d6410f33d8

  • SHA1

    691c92acfbbc41af017f60a890780f074f64ff29

  • SHA256

    442e4ac20bf464693191725ebc0312d565365195a110fc36c1ac7ee0d7a57901

  • SHA512

    d357835033b5ce21f246a6db0a16ac21b9503131b29e9a8cdfbf4fd5c7ad5210c8b09cca30039d6ee654a5521262d0edc3d0d548372e7ff77d64751b4fec1f90

Score
10/10
redlineruzkidiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

ruzki

C2

193.106.191.165:39482

Attributes
  • auth_value

    71a0558c0eea274a5bd617ea85786884

Targets

    • Target

      442e4ac20bf464693191725ebc0312d565365195a110fc36c1ac7ee0d7a57901

    • Size

      354KB

    • MD5

      a2379ee016504345cdca39d6410f33d8

    • SHA1

      691c92acfbbc41af017f60a890780f074f64ff29

    • SHA256

      442e4ac20bf464693191725ebc0312d565365195a110fc36c1ac7ee0d7a57901

    • SHA512

      d357835033b5ce21f246a6db0a16ac21b9503131b29e9a8cdfbf4fd5c7ad5210c8b09cca30039d6ee654a5521262d0edc3d0d548372e7ff77d64751b4fec1f90

    Score
    10/10
    redlineruzkidiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks