Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5fcc5e66d6af080fe88b8371b0e28aa707ba3c27ea879e74ea5f72a8c09b516e

  • Size

    470KB

  • Sample

    230322-vrvmrscb3s

  • MD5

    393699c34aa010a6a62934de45a273bd

  • SHA1

    3308aeddb3c7fb97ce74f2f5a8510855692ec58c

  • SHA256

    5fcc5e66d6af080fe88b8371b0e28aa707ba3c27ea879e74ea5f72a8c09b516e

  • SHA512

    8972e89f3bca9ea3fc8df2d31b9c89c5c1a40c4477e6ac2b4afd54c67842beb4c57ccb8e3fae859829f3b9c45f94ee14408629e606f7a5d4d6b338307859203d

  • SSDEEP

    6144:UXtYIgeMsCIqkN2jaTTgOlWItvXnGBO0obbAL:UXtYIgeM7Ir2j4sOw6+I94L

Score
10/10
redlinedozkdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes
  • auth_value

    9f1dc4ff242fb8b53742acae0ef96143

Targets

    • Target

      5fcc5e66d6af080fe88b8371b0e28aa707ba3c27ea879e74ea5f72a8c09b516e

    • Size

      470KB

    • MD5

      393699c34aa010a6a62934de45a273bd

    • SHA1

      3308aeddb3c7fb97ce74f2f5a8510855692ec58c

    • SHA256

      5fcc5e66d6af080fe88b8371b0e28aa707ba3c27ea879e74ea5f72a8c09b516e

    • SHA512

      8972e89f3bca9ea3fc8df2d31b9c89c5c1a40c4477e6ac2b4afd54c67842beb4c57ccb8e3fae859829f3b9c45f94ee14408629e606f7a5d4d6b338307859203d

    • SSDEEP

      6144:UXtYIgeMsCIqkN2jaTTgOlWItvXnGBO0obbAL:UXtYIgeM7Ir2j4sOw6+I94L

    Score
    10/10
    redlinedozkdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks