
General

  • Target

    1fb7a6453b1f6d7cb74a01e9915eef27d66473741ffd5025a636d3083e4028bf

  • Size

    217KB

  • Sample

    221125-lhfmtagb95

  • MD5

    e9fd347408f049a34247a3252ef92d04

  • SHA1

    26927b1a91f8206337e5289878cea827c3a7416c

  • SHA256

    1fb7a6453b1f6d7cb74a01e9915eef27d66473741ffd5025a636d3083e4028bf

  • SHA512

    2cd06c811d76104e645f4ace2e84ba6490e1fdec1e15abb36cacf7c8c903f3dae2caaee10cd53052e711449128925e718591a9592d3027b9a4d8b062cdb650a4

  • SSDEEP

    3072:m6tC3FeGAmqo5y64Vi5yztrgnsXHLKXveE5ofyinY9gjxJep8Ez/hx0pjQkTruoG:VQ3FeGIoeFgWefBiY9gjxgv0pkkLx

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @madboyza

  • C2

    193.106.191.138:32796

  • Attributes

    auth_value: 9bfce7bfb110f8f53d96c7a32c655358

Targets

    • Target

      1fb7a6453b1f6d7cb74a01e9915eef27d66473741ffd5025a636d3083e4028bf

    • Size

      217KB

    • MD5

      e9fd347408f049a34247a3252ef92d04

    • SHA1

      26927b1a91f8206337e5289878cea827c3a7416c

    • SHA256

      1fb7a6453b1f6d7cb74a01e9915eef27d66473741ffd5025a636d3083e4028bf

    • SHA512

      2cd06c811d76104e645f4ace2e84ba6490e1fdec1e15abb36cacf7c8c903f3dae2caaee10cd53052e711449128925e718591a9592d3027b9a4d8b062cdb650a4

    • SSDEEP

      3072:m6tC3FeGAmqo5y64Vi5yztrgnsXHLKXveE5ofyinY9gjxJep8Ez/hx0pjQkTruoG:VQ3FeGIoeFgWefBiY9gjxgv0pkkLx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks