Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8af4dded3d07dddf19d216bbcfd48d9a926407757a67903d0b901cbf03c64537

  • Size

    290KB

  • Sample

    220929-evpypahgc4

  • MD5

    2c6b5d22740b0aa6d1cd4a6720117246

  • SHA1

    d2227060929b88f8a16b2fec50318c12ca899a27

  • SHA256

    8af4dded3d07dddf19d216bbcfd48d9a926407757a67903d0b901cbf03c64537

  • SHA512

    23e099f476a74cfee4767676b2cd287518898abdc2d73fb596b32e83838c2b6e7a09029b85d17e8e49c9d76c2a230e4959a2925a984c7104cb41c8594d9e78b1

  • SSDEEP

    6144:zYfBgeMRrKsW3towlz877/ciz7CV0RwwVfgI:zVRr23mV0aCuRk

Score
10/10
danabotredlineinsmixbankerinfostealertrojan

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Extracted

Family

redline

Botnet

insmix

C2

jamesmillion2.xyz:9420

Attributes
  • auth_value

    f388a05524f756108c9e4b0f4c4bafb6

Targets

    • Target

      8af4dded3d07dddf19d216bbcfd48d9a926407757a67903d0b901cbf03c64537

    • Size

      290KB

    • MD5

      2c6b5d22740b0aa6d1cd4a6720117246

    • SHA1

      d2227060929b88f8a16b2fec50318c12ca899a27

    • SHA256

      8af4dded3d07dddf19d216bbcfd48d9a926407757a67903d0b901cbf03c64537

    • SHA512

      23e099f476a74cfee4767676b2cd287518898abdc2d73fb596b32e83838c2b6e7a09029b85d17e8e49c9d76c2a230e4959a2925a984c7104cb41c8594d9e78b1

    • SSDEEP

      6144:zYfBgeMRrKsW3towlz877/ciz7CV0RwwVfgI:zVRr23mV0aCuRk

    Score
    10/10
    danabotredlineinsmixbankerinfostealertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks