Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0241045ab5912d9b68c02df8f703c7dd8cc62b7f4013b76d06d3c1faf9d03848

  • Size

    412KB

  • Sample

    221123-mptnpahh5s

  • MD5

    ab5e612769f8b7b6e03871af002d09df

  • SHA1

    7b4aba3079b6fa4d6f04a018615f7c70a3ef7ff2

  • SHA256

    0241045ab5912d9b68c02df8f703c7dd8cc62b7f4013b76d06d3c1faf9d03848

  • SHA512

    7fbf22032f92e4508eaba3e74d8e9cbaa03c623e71a88b687bb26a023c177e02ccc70e7c60d3aa0e1416cb368910dc49c7ac0e98f7b510e933958eeab4d2c80d

  • SSDEEP

    6144:GBrqpaL2WoEQW6uJcVVaLI37OBtbdW9xjrX4lO6fE6Nn:waaL2WoSpJkaLIylUtrDJ6N

Score
10/10
redlinenanoid2022discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

NanoID2022

C2

185.106.92.111:2510

Attributes
  • auth_value

    d5913c276c6c8b5735246051bef9a412

Targets

    • Target

      0241045ab5912d9b68c02df8f703c7dd8cc62b7f4013b76d06d3c1faf9d03848

    • Size

      412KB

    • MD5

      ab5e612769f8b7b6e03871af002d09df

    • SHA1

      7b4aba3079b6fa4d6f04a018615f7c70a3ef7ff2

    • SHA256

      0241045ab5912d9b68c02df8f703c7dd8cc62b7f4013b76d06d3c1faf9d03848

    • SHA512

      7fbf22032f92e4508eaba3e74d8e9cbaa03c623e71a88b687bb26a023c177e02ccc70e7c60d3aa0e1416cb368910dc49c7ac0e98f7b510e933958eeab4d2c80d

    • SSDEEP

      6144:GBrqpaL2WoEQW6uJcVVaLI37OBtbdW9xjrX4lO6fE6Nn:waaL2WoSpJkaLIylUtrDJ6N

    Score
    10/10
    redlinenanoid2022discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks