Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    acb66a576dd58753f4028e7377c2233e0013f86ace5e4cecf32f12123b9ae15c

  • Size

    397KB

  • Sample

    221227-tkqvkafb57

  • MD5

    05736a9315062326cd1cd231c0fc98ca

  • SHA1

    38bb6c4fac0bdd7bfd8ebdf3ded963863995fed1

  • SHA256

    acb66a576dd58753f4028e7377c2233e0013f86ace5e4cecf32f12123b9ae15c

  • SHA512

    bbfa5d92946f1486e0a63aa83e8fe8e70c79126dfd95c91a1daa72b5af3df06a71bc244dee5acac90e93c810eef83e45efb7997e59a5c07de709718fa49d489e

  • SSDEEP

    6144:F+hp0xIyuQ3QTprP30jUISJTfAOUUHIj+pYHvZW0aHkwOPSa:Fip0xIyuQgV13HIPHs0Oa

Score
10/10
redline11infostealer

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes
  • auth_value

    107e09eee63158d2488feb03dac75204

Targets

    • Target

      acb66a576dd58753f4028e7377c2233e0013f86ace5e4cecf32f12123b9ae15c

    • Size

      397KB

    • MD5

      05736a9315062326cd1cd231c0fc98ca

    • SHA1

      38bb6c4fac0bdd7bfd8ebdf3ded963863995fed1

    • SHA256

      acb66a576dd58753f4028e7377c2233e0013f86ace5e4cecf32f12123b9ae15c

    • SHA512

      bbfa5d92946f1486e0a63aa83e8fe8e70c79126dfd95c91a1daa72b5af3df06a71bc244dee5acac90e93c810eef83e45efb7997e59a5c07de709718fa49d489e

    • SSDEEP

      6144:F+hp0xIyuQ3QTprP30jUISJTfAOUUHIj+pYHvZW0aHkwOPSa:Fip0xIyuQgV13HIPHs0Oa

    Score
    10/10
    redline11infostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks