Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8e1a4520ad67921056979a77768ffe815bfee07c5c017a904d41c11a7c643cbb

  • Size

    506KB

  • Sample

    221201-lgpjbsed66

  • MD5

    5bb9da34ab1a267aef9cda6f991392a1

  • SHA1

    4ea1e80a185728cc7a124344db2a436446496f55

  • SHA256

    8e1a4520ad67921056979a77768ffe815bfee07c5c017a904d41c11a7c643cbb

  • SHA512

    26a2a9cb177a22b714ee747c3b4c2045195752282809a9c82ccde8b30dd69fe07f22e251b47df85f36aef7d9fcb5ec9cead0b5c815e0f750f79b70e0eb25f14b

  • SSDEEP

    6144:e58z/c5cCj/fc36JcfjrF2jKS9inJmxPOSs7iWUgh3j9j1vUK68tx2/kc3oBuHBW:e5O/cRbfIR2Wm9OSsfTrvUK68D2/k4O

Score
10/10
redline@p1infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes
  • auth_value

    54c79ce081122137049ee07c0a2f38ab

Targets

    • Target

      8e1a4520ad67921056979a77768ffe815bfee07c5c017a904d41c11a7c643cbb

    • Size

      506KB

    • MD5

      5bb9da34ab1a267aef9cda6f991392a1

    • SHA1

      4ea1e80a185728cc7a124344db2a436446496f55

    • SHA256

      8e1a4520ad67921056979a77768ffe815bfee07c5c017a904d41c11a7c643cbb

    • SHA512

      26a2a9cb177a22b714ee747c3b4c2045195752282809a9c82ccde8b30dd69fe07f22e251b47df85f36aef7d9fcb5ec9cead0b5c815e0f750f79b70e0eb25f14b

    • SSDEEP

      6144:e58z/c5cCj/fc36JcfjrF2jKS9inJmxPOSs7iWUgh3j9j1vUK68tx2/kc3oBuHBW:e5O/cRbfIR2Wm9OSsfTrvUK68D2/k4O

    Score
    10/10
    redline@p1infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks