Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b99e21dce83c8184c7396d9b0fb284ce0ce662a1cc9d1ad59448000eac1bd806

  • Size

    133KB

  • Sample

    221003-bqnchsbhfj

  • MD5

    736eda1202c475f8ec0135066e58f8ab

  • SHA1

    dc52e468e8dc5864f29b2c845492e30780fdc140

  • SHA256

    b99e21dce83c8184c7396d9b0fb284ce0ce662a1cc9d1ad59448000eac1bd806

  • SHA512

    77137f17f997ad776867f04cce0eaec389d7239b0e0dd294249c03327e3969d9ce2266f5b34b2f7018119e073a53c8a02785889a8b38b06df64e28f79a680f1f

  • SSDEEP

    3072:HXrHiWjtqORs7BF/MiD/bFcooVLkryFCB8bm:7CWjt+XlrbqTK

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

C2

80.66.87.22:80

Attributes
  • auth_value

    5b663effac3b92fe687f0181631eeff2

Targets

    • Target

      b99e21dce83c8184c7396d9b0fb284ce0ce662a1cc9d1ad59448000eac1bd806

    • Size

      133KB

    • MD5

      736eda1202c475f8ec0135066e58f8ab

    • SHA1

      dc52e468e8dc5864f29b2c845492e30780fdc140

    • SHA256

      b99e21dce83c8184c7396d9b0fb284ce0ce662a1cc9d1ad59448000eac1bd806

    • SHA512

      77137f17f997ad776867f04cce0eaec389d7239b0e0dd294249c03327e3969d9ce2266f5b34b2f7018119e073a53c8a02785889a8b38b06df64e28f79a680f1f

    • SSDEEP

      3072:HXrHiWjtqORs7BF/MiD/bFcooVLkryFCB8bm:7CWjt+XlrbqTK

    Score
    10/10
    redlinediscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks