Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    22932ac12c61f7ade37d16a82ad02d08259263020f4a465d15f2830fa03df12b

  • Size

    217KB

  • Sample

    221123-nzp9padb8t

  • MD5

    994582a9698bff38051a6ecb1522c30b

  • SHA1

    79bdca7a44e56665a11c71c34b334321a39e16cd

  • SHA256

    22932ac12c61f7ade37d16a82ad02d08259263020f4a465d15f2830fa03df12b

  • SHA512

    290c4046453cb242ca57c24e739557f3d683511bcb1aa59398b04d1372e85f402bc2527542665355459692bc78664441d4f0a3d816cc349dfad9f427e765e4a3

  • SSDEEP

    3072:LT4vq60E/oW+24ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwGS:LMvr0E/oywe2xrjq6O4MJ4bM5Y4+cE

Score
10/10
redline@madboyzainfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@madboyza

C2

193.106.191.138:32796

Attributes
  • auth_value

    9bfce7bfb110f8f53d96c7a32c655358

Targets

    • Target

      22932ac12c61f7ade37d16a82ad02d08259263020f4a465d15f2830fa03df12b

    • Size

      217KB

    • MD5

      994582a9698bff38051a6ecb1522c30b

    • SHA1

      79bdca7a44e56665a11c71c34b334321a39e16cd

    • SHA256

      22932ac12c61f7ade37d16a82ad02d08259263020f4a465d15f2830fa03df12b

    • SHA512

      290c4046453cb242ca57c24e739557f3d683511bcb1aa59398b04d1372e85f402bc2527542665355459692bc78664441d4f0a3d816cc349dfad9f427e765e4a3

    • SSDEEP

      3072:LT4vq60E/oW+24ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwGS:LMvr0E/oywe2xrjq6O4MJ4bM5Y4+cE

    Score
    10/10
    redline@madboyzainfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks