General

  • Target

    f25086a4bc3253035f355d0acfc513c8fb978d954c48de383427005c65174984

  • Size

    130KB

  • Sample

    220926-x82hrabha7

  • MD5

    093abfcf0894a6d848487e82a0f6cb62

  • SHA1

    3716856c02d48f6327a0565db0840fbf3e6f2c21

  • SHA256

    f25086a4bc3253035f355d0acfc513c8fb978d954c48de383427005c65174984

  • SHA512

    811e351cfa8264967e285a2fa6687aed8dee9eeebcdc2d725745e64114200ede60d352cd8ff10e2d119b2b8593aa36f06186b6e897718563116dd1cce9939251

  • SSDEEP

    3072:k1FdT55WN7RSCjbL/xJ40/3Bayju97T6w5B:5WCjbL5J40/xXV

Malware Config

Extracted

  • Family
    redline
  • Botnet
    inslab26
  • C2
    185.182.194.25:8251
  • auth_value
    7c9cbd0e489a3c7fd31006406cb96f5b

Extracted

  • Family
    redline
  • Botnet
    LogsDiller Cloud (TG: @mr_golds)
  • C2
    77.73.134.27:7161
  • auth_value
    4b2de03af6b6ac513ac597c2e6c1ad51

Extracted

  • Family
    redline
  • Botnet
    @au72921
  • C2
    77.73.133.19:31892
  • auth_value
    10dbc10867b54edc79b224c256a6dc5a

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
    Scheduled Task (1) T1053
  • Persistence
    Scheduled Task (1) T1053
  • Privilege Escalation
    Scheduled Task (1) T1053
  • Credential Access
    Credentials in Files (2) T1081
  • Discovery
    Query Registry (2) T1012
    Peripheral Device Discovery (1) T1120
    System Information Discovery (1) T1082
  • Collection
    Data from Local System (2) T1005
  • Command and Control
    Web Service (1) T1102