Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a1ccb714dc5a49c230ecf1b86239f9983024777d3ae1dbd42971b93fba4036e4

  • Size

    271KB

  • Sample

    221127-t64njsfg8z

  • MD5

    f95895e7becbfed7b5808b190cc58bf5

  • SHA1

    76fc5f5e1bfd00695413c07835334aa097881017

  • SHA256

    a1ccb714dc5a49c230ecf1b86239f9983024777d3ae1dbd42971b93fba4036e4

  • SHA512

    4998457db76802ff24f31037809d286d4bb7a9feb4318d579f48ea8041c333a5a16037ba4687889bf0bda512718bf1c143c142c65220446b50dd8c18ff1d016e

  • SSDEEP

    3072:FTLr+scTWSq02XceKBuO8888gV+PUtbtKTUX8pFxtpSQ2v/D:FiscT7DqVKBuO8888gV+zt7HK/D

Score
10/10
laplasredlinea4infostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

a4

C2

65.21.133.231:47430

Attributes
  • auth_value

    770e1e7fb0781851d5e2e8f9e720e0dc

Extracted

Family

laplas

C2

clipper.guru

Attributes
  • api_key

    b208717c54146010ab89e628591e2a7b11493ef1c593e7b3f15b1c06b1778d59

Targets

    • Target

      a1ccb714dc5a49c230ecf1b86239f9983024777d3ae1dbd42971b93fba4036e4

    • Size

      271KB

    • MD5

      f95895e7becbfed7b5808b190cc58bf5

    • SHA1

      76fc5f5e1bfd00695413c07835334aa097881017

    • SHA256

      a1ccb714dc5a49c230ecf1b86239f9983024777d3ae1dbd42971b93fba4036e4

    • SHA512

      4998457db76802ff24f31037809d286d4bb7a9feb4318d579f48ea8041c333a5a16037ba4687889bf0bda512718bf1c143c142c65220446b50dd8c18ff1d016e

    • SSDEEP

      3072:FTLr+scTWSq02XceKBuO8888gV+PUtbtKTUX8pFxtpSQ2v/D:FiscT7DqVKBuO8888gV+zt7HK/D

    Score
    10/10
    laplasredlinea4infostealerspywarestealer

    • Laplas Clipper

      Laplas is a crypto wallet stealer with two variants written in Golang and C#.

      stealerlaplas

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks