General

  • Target

    1fe48238c1fe505741333ab50df52d474fab149444184fc8e16871c6075be8b2

  • Size

    278KB

  • Sample

    221230-yrne8sbf81

  • MD5

    ffcb25b920df3bf357a12d6eabb0d491

  • SHA1

    3cbf786a17db24ea91d26646d91ea4909e0cf455

  • SHA256

    1fe48238c1fe505741333ab50df52d474fab149444184fc8e16871c6075be8b2

  • SHA512

    14705e10f313df5012f4d0bc067583610afccf10c7e193f9d22de21aa0b4c9ca415ada1cd22f08b790de453eea4ac9ec14810b7efb5acf7f884b655a840fecba

  • SSDEEP

    6144:HLgE2l4YCFeBXV4t2RaNKfofso0AGrvzg/6bX:HLgE25Xit208fo+AGrvswX

Malware Config

Extracted

Family

redline

Botnet

Redline Bot

C2

193.42.244.249:5514

Attributes

  • auth_value

    dba2cba3a65b70477f54eb1d91e5f886

Targets

    • Target

      1fe48238c1fe505741333ab50df52d474fab149444184fc8e16871c6075be8b2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks