Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72f78b2cc3072ecada2f43aec0f2f003743d1bc03aaa0e95743aa3e5ddb169ec

  • Size

    264KB

  • Sample

    221207-yv5tpafh76

  • MD5

    4106a959726ef1b9cbfbb3b0fb7238de

  • SHA1

    772d057c3443a8baa73b6101da08c1c72777ef5d

  • SHA256

    72f78b2cc3072ecada2f43aec0f2f003743d1bc03aaa0e95743aa3e5ddb169ec

  • SHA512

    a64554237a3ef290aa3d2c4d3c2d9af2ca5408007743985e24703d2f6580d34c60f0642af0b1891aa10083411abb8962f3dfd86059ed608073d64cb02fbbf81a

  • SSDEEP

    3072:VaoezVNYdSf8qJHgv5R9dF3ZPBlCghZxw/BeVj97VhjgRpx9RIlf3:UPEKQFiM3shilf

Score
10/10
redlinesmokeloaderytbackdoorinfostealerspywaretrojan

Malware Config

Extracted

Family

redline

Botnet

YT

C2

65.21.5.58:48811

Attributes
  • auth_value

    fb878dde7f3b4ad1e1bc26d24db36d28

Targets

    • Target

      72f78b2cc3072ecada2f43aec0f2f003743d1bc03aaa0e95743aa3e5ddb169ec

    • Size

      264KB

    • MD5

      4106a959726ef1b9cbfbb3b0fb7238de

    • SHA1

      772d057c3443a8baa73b6101da08c1c72777ef5d

    • SHA256

      72f78b2cc3072ecada2f43aec0f2f003743d1bc03aaa0e95743aa3e5ddb169ec

    • SHA512

      a64554237a3ef290aa3d2c4d3c2d9af2ca5408007743985e24703d2f6580d34c60f0642af0b1891aa10083411abb8962f3dfd86059ed608073d64cb02fbbf81a

    • SSDEEP

      3072:VaoezVNYdSf8qJHgv5R9dF3ZPBlCghZxw/BeVj97VhjgRpx9RIlf3:UPEKQFiM3shilf

    Score
    10/10
    redlinesmokeloaderytbackdoorinfostealerspywaretrojan

    • Detects Smokeloader packer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks