General

  • Target

    76846968b69e616bb20c37ecfffc776328ce268a8d5f21268e3f3299d4104723

  • Size

    188KB

  • Sample

    221122-ag8resfh4z

  • MD5

    851792ff43bd0ceabf0ef1bd77e01660

  • SHA1

    882b970a432a193046e0b4ebfaed551dbc07966e

  • SHA256

    76846968b69e616bb20c37ecfffc776328ce268a8d5f21268e3f3299d4104723

  • SHA512

    62bbbd55ec395fe6253dce13549041782887fc1c89d2e1f495fb9ad635275ab84a65cdf9d2d4f4d702cbbd5910f91fead98f8d6d6f981a902a092925fd98252a

  • SSDEEP

    3072:TVB6+NKy3oW0O7K53KC663swjF+oX0wIhq96BgA:TVCy49OVCrsEF+oEw1

Malware Config

Extracted

  • Family

    redline

  • Botnet

    KRIPT

  • C2

    212.8.246.157:32348

  • Attributes

    auth_value: 80ebe4bab7a98a7ce9c75989ff9f40b4

Targets

    • Target

      76846968b69e616bb20c37ecfffc776328ce268a8d5f21268e3f3299d4104723

    • Detects Smokeloader packer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    T1081 Credentials in Files (1)

  • Discovery

    T1012 Query Registry (1)
    T1120 Peripheral Device Discovery (1)
    T1082 System Information Discovery (1)

  • Collection

    T1005 Data from Local System (1)

  • Command and Control

    T1102 Web Service (1)
