General

  • Target

    8710f6f5c6012af30706971d593f9611be9a443d96118e036eeccec2ed4605af

  • Size

    2.5MB

  • Sample

    221031-l7m37abdhp

  • MD5

    c2ed72edcd5e255f771c9b8fae73464e

  • SHA1

    874f3cf76ae089fc9be2d24e6da12a436566cedf

  • SHA256

    8710f6f5c6012af30706971d593f9611be9a443d96118e036eeccec2ed4605af

  • SHA512

    4b08d3bfbcb60a2fce76ed838c4a44222d6b3e3e38f9ac328a1aa8d1f974b825de69af49a63243f461902d720300fe5b2fb04489a840c08717244bfdd6096033

  • SSDEEP

    49152:PK9DCyjw9L6UgvOmU2f33GUxZbfh0OaXY:PK9Djj8wOmU2fnGc5laI

Malware Config

Extracted

Family

redline

Botnet

1310

C2

79.137.192.57:48771

Attributes
  • auth_value

    feb5f5c29913f32658637e553762a40e

Targets

    • Target

      8710f6f5c6012af30706971d593f9611be9a443d96118e036eeccec2ed4605af

    • Size

      2.5MB

    • MD5

      c2ed72edcd5e255f771c9b8fae73464e

    • SHA1

      874f3cf76ae089fc9be2d24e6da12a436566cedf

    • SHA256

      8710f6f5c6012af30706971d593f9611be9a443d96118e036eeccec2ed4605af

    • SHA512

      4b08d3bfbcb60a2fce76ed838c4a44222d6b3e3e38f9ac328a1aa8d1f974b825de69af49a63243f461902d720300fe5b2fb04489a840c08717244bfdd6096033

    • SSDEEP

      49152:PK9DCyjw9L6UgvOmU2f33GUxZbfh0OaXY:PK9Djj8wOmU2fnGc5laI

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler that ships with the .NET Framework; it is a legitimate Microsoft binary that RedLine loaders routinely start as a host process for the injected payload, so a vbc.exe launched by anything other than build tooling is the thing to hunt for)

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (read together with the vbc.exe launch above, this is the process-hollowing pattern: a child is created suspended, its image is replaced with the RedLine payload, and SetThreadContext points the main thread at the new entry point before it is resumed)
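The extracted config (C2 79.137.192.57:48771, botnet 1310) and the vbc.exe / SetThreadContext signatures above are the two hunting hooks this report gives a defender. The script below is an added example, not part of the sandbox report or of any RedLine tooling: it turns the published indicators into checks that run over Sysmon-style process-create and network-connect events. The event dicts and their field names, the list of "benign" vbc.exe parents, and the Suricata sid are assumptions constructed for the example; only the hash, IP, port and botnet values come from the report.

```python
"""
Hunting checks built from the RedLine report above.
The events below are constructed for this example; they are not from the sandbox run.
"""
import hashlib
import ipaddress

# Indicators copied from the report.
IOC_SHA256 = "8710f6f5c6012af30706971d593f9611be9a443d96118e036eeccec2ed4605af"
IOC_MD5 = "c2ed72edcd5e255f771c9b8fae73464e"
C2_HOST, C2_PORT = "79.137.192.57", 48771
BOTNET = "1310"

# Constructed, Sysmon-like events reduced to dicts (field names are an assumption).
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 4120,
     "image": r"C:\Users\victim\Downloads\setup.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"event": "process_create", "pid": 4188,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Users\victim\Downloads\setup.exe"},
    {"event": "network_connect", "pid": 4188,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "dst_ip": "79.137.192.57", "dst_port": 48771},
    # A developer box legitimately compiling VB.NET: should NOT be flagged.
    {"event": "process_create", "pid": 5001,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Program Files\dotnet\MSBuild.exe"},
]

# Parents under which vbc.exe is expected to run; an assumed allow-list for the example.
BENIGN_VBC_PARENTS = ("msbuild.exe", "devenv.exe", "dotnet.exe", "csc.exe")


def basename(path):
    """Case-insensitive file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def hollowed_vbc_pids(events):
    """vbc.exe started by something that is not build tooling.

    This is the report's 'Uses the VBS compiler for execution' signature:
    the loader spawns vbc.exe as the host for the hollowed RedLine payload.
    """
    return [e["pid"] for e in events
            if e["event"] == "process_create"
            and basename(e["image"]) == "vbc.exe"
            and basename(e["parent"]) not in BENIGN_VBC_PARENTS]


def c2_connection_pids(events, host=C2_HOST, port=C2_PORT):
    """Processes that opened a connection to the extracted C2 tuple."""
    return [e["pid"] for e in events
            if e["event"] == "network_connect"
            and e["dst_ip"] == host and e["dst_port"] == port]


def correlate(events):
    """Pids that both look like a hollowed vbc.exe and talk to the C2.

    Either signal alone is weak (a dev box runs vbc.exe; an IP can be reused);
    the pair is the behaviour the report describes.
    """
    return sorted(set(hollowed_vbc_pids(events)) & set(c2_connection_pids(events)))


def matches_sample(data):
    """True if the given file contents hash to the sample's SHA256 or MD5."""
    return (hashlib.sha256(data).hexdigest() == IOC_SHA256
            or hashlib.md5(data).hexdigest() == IOC_MD5)


def suricata_rule(host=C2_HOST, port=C2_PORT, sid=1000001):
    """Render a Suricata alert for the C2 tuple; sid is a placeholder local value."""
    ipaddress.ip_address(host)  # fail early on a malformed indicator
    return (f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"RedLine C2 {host}:{port} botnet {BOTNET}"; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    print("hollowed vbc.exe:", hollowed_vbc_pids(SAMPLE_EVENTS))
    print("C2 connections:", c2_connection_pids(SAMPLE_EVENTS))
    print("correlated:", correlate(SAMPLE_EVENTS))
    print(suricata_rule())
```

The allow-list of vbc.exe parents is deliberately small: on a fleet with no .NET build activity it can be empty, in which case any vbc.exe launch is worth a look. The hash check is only useful for this exact file; the C2 tuple and the hollowing pattern survive repacking, which is why the correlation is the check to keep.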

MITRE ATT&CK Enterprise v6

Tasks