Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    fb390dd81f3913643c5bc18892b4bc35620a4d35007d1ecae8d32d0a9cf11fa7

  • Size

    285KB

  • Sample

    230102-ytek4sga65

  • MD5

    9630b94350a71d36063de1b57ea3063f

  • SHA1

    e78d6d89e3cfb9b164383d1799f866e4159fecf6

  • SHA256

    fb390dd81f3913643c5bc18892b4bc35620a4d35007d1ecae8d32d0a9cf11fa7

  • SHA512

    b9fcafb8d5a33a3b8492c583d5cf4301429134e93ab7d3a1f354aba3c7a8e8dd3d5bcc87e34d7e27daec80562a751144976766a3dc55dd71b44c3c3050f17c73

  • SSDEEP

    6144:aWd94PYZfJfeB76+rG2nerhIGJFHQoQNqFHg9KHNl:aWd94PYRmG0QhDJWlxG

Score
10/10
redlinepub2infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

pub2

C2

89.22.231.25:45245

Attributes
  • auth_value

    ea9464d486a641bb513057e5f63399e1

Targets

    • Target

      fb390dd81f3913643c5bc18892b4bc35620a4d35007d1ecae8d32d0a9cf11fa7

    • Size

      285KB

    • MD5

      9630b94350a71d36063de1b57ea3063f

    • SHA1

      e78d6d89e3cfb9b164383d1799f866e4159fecf6

    • SHA256

      fb390dd81f3913643c5bc18892b4bc35620a4d35007d1ecae8d32d0a9cf11fa7

    • SHA512

      b9fcafb8d5a33a3b8492c583d5cf4301429134e93ab7d3a1f354aba3c7a8e8dd3d5bcc87e34d7e27daec80562a751144976766a3dc55dd71b44c3c3050f17c73

    • SSDEEP

      6144:aWd94PYZfJfeB76+rG2nerhIGJFHQoQNqFHg9KHNl:aWd94PYRmG0QhDJWlxG

    Score
    10/10
    redlinepub2infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks