Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43ee514caefa1048d2fb9044116dc58ca9a6a1ba89ffacdf3cf5fc9d7d82f1ca

  • Size

    281KB

  • Sample

    220922-g5stfaeabk

  • MD5

    e8ad5392fbaa817bf854a9efbf8c86e5

  • SHA1

    62b1166c26cc4ecfc99545d2d34a5a044b470d4a

  • SHA256

    43ee514caefa1048d2fb9044116dc58ca9a6a1ba89ffacdf3cf5fc9d7d82f1ca

  • SHA512

    accbe7c63594991ca730fe826e4f9dc405924298f71505adbec9fdc7336bb7874ab65de11008a40f830269dd068a861d28770423fb2a4544da9e4806439d5341

  • SSDEEP

    6144:DxQuznANBstFrG/wrxFlWHM+XJITr0zIwIMigavwVfSp:DxQuceFrG/2xkWUzIwMr

Score
10/10
redlinelogsdiller cloud (sup: @mr_golds)infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Sup: @mr_golds)

C2

77.73.134.27:8163

Attributes
  • auth_value

    56c6f7b9024c076f0a96931453da7e56

Targets

    • Target

      43ee514caefa1048d2fb9044116dc58ca9a6a1ba89ffacdf3cf5fc9d7d82f1ca

    • Size

      281KB

    • MD5

      e8ad5392fbaa817bf854a9efbf8c86e5

    • SHA1

      62b1166c26cc4ecfc99545d2d34a5a044b470d4a

    • SHA256

      43ee514caefa1048d2fb9044116dc58ca9a6a1ba89ffacdf3cf5fc9d7d82f1ca

    • SHA512

      accbe7c63594991ca730fe826e4f9dc405924298f71505adbec9fdc7336bb7874ab65de11008a40f830269dd068a861d28770423fb2a4544da9e4806439d5341

    • SSDEEP

      6144:DxQuznANBstFrG/wrxFlWHM+XJITr0zIwIMigavwVfSp:DxQuceFrG/2xkWUzIwMr

    Score
    10/10
    redlinelogsdiller cloud (sup: @mr_golds)infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks