General

  • Target

    9863d76e72a55a5e42fdb2bea7b8b7245e756642e44f3c61d29f324c5b85f9c9

  • Size

    681KB

  • Sample

    230323-mqjj4sha4w

  • MD5

    caf39352b2964ebd2a0fe66c1bf066b9

  • SHA1

    5ab2d69c47889ede74a5ce2ed3d662a0825c0016

  • SHA256

    9863d76e72a55a5e42fdb2bea7b8b7245e756642e44f3c61d29f324c5b85f9c9

  • SHA512

    20d2482afcde366d1c414dc3d7672a8059979ec175808d4a4ebdba6b28422ed5fcda6e76d64e3045214ad885873bd9712f71a024e6f463590630dc008e1e1fa1

  • SSDEEP

    12288:U27p+BXAwhtThnjJ+BMlM7hDqczqtsy/sZtSql+eiuO:dIBnjtJFK7VqxKBl+f

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Extracted

Family

redline

Botnet

real

C2

193.233.20.31:4125

Attributes
  • auth_value

    bb22a50228754849387d5f4d1611e71b
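The two extracted configs differ only in botnet ID and auth_value; they share one C2 endpoint, so a naive IOC export would list it twice. The script below (an added example written for this report, not the sandbox's own tooling) turns the config records into a deduplicated ip:port IOC map and checks constructed connection-log lines against it. The log format (timestamp, source IP/port, destination IP/port, protocol) and every line in SAMPLE_CONN_LOG are made up for the example; only the C2, botnet and auth_value strings come from the report.

```python
"""Build network IOCs from the extracted RedLine configs and match them
against connection-log lines.

Added example for this report; the config values are copied from the
"Malware Config" section, the log lines are constructed.
"""
from __future__ import annotations

import ipaddress
from typing import Iterable

# Values copied from the extracted configs above.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "down", "c2": "193.233.20.31:4125",
     "auth_value": "12c31a90c72f5efae8c053a0bd339381"},
    {"family": "redline", "botnet": "real", "c2": "193.233.20.31:4125",
     "auth_value": "bb22a50228754849387d5f4d1611e71b"},
]


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'ip:port' into (ip, port); rejects a malformed IP or port."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError if host is not an IP
    return host, int(port)


def c2_iocs(configs: Iterable[dict]) -> dict[tuple[str, int], set[str]]:
    """Map each distinct (ip, port) to the botnet IDs that use it.

    Both configs point at the same endpoint, so the result has one key
    with two botnet IDs instead of two duplicate IOC entries.
    """
    iocs: dict[tuple[str, int], set[str]] = {}
    for cfg in configs:
        if cfg.get("family") != "redline":
            continue
        iocs.setdefault(parse_c2(cfg["c2"]), set()).add(cfg["botnet"])
    return iocs


# Constructed sample, not a real capture. Fields:
# timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_CONN_LOG = """\
2023-03-23T09:41:02Z 10.0.0.15 49812 193.233.20.31 4125 tcp
2023-03-23T09:41:03Z 10.0.0.15 49813 142.250.74.78 443 tcp
2023-03-23T09:41:09Z 10.0.0.22 50001 193.233.20.31 80 tcp
2023-03-23T09:41:11Z 10.0.0.15 49814 193.233.20.31 4125 tcp
"""


def match_conn_log(log: str, iocs: dict[tuple[str, int], set[str]]) -> list[dict]:
    """Return one hit per log line that reaches a C2 host.

    An exact ip:port match is 'high' confidence. The same IP on another
    port is reported as 'medium': RedLine panels are commonly reused on
    other ports, so the host is still worth pivoting on.
    """
    c2_hosts = {ip for ip, _ in iocs}
    hits: list[dict] = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # skip blank or malformed lines rather than crash
        ts, src, _sport, dst, dport, _proto = fields[:6]
        key = (dst, int(dport))
        if key in iocs:
            hits.append({"ts": ts, "src": src, "dst": f"{dst}:{dport}",
                         "confidence": "high", "botnets": sorted(iocs[key])})
        elif dst in c2_hosts:
            hits.append({"ts": ts, "src": src, "dst": f"{dst}:{dport}",
                         "confidence": "medium", "botnets": []})
    return hits


if __name__ == "__main__":
    for hit in match_conn_log(SAMPLE_CONN_LOG, c2_iocs(EXTRACTED_CONFIGS)):
        print(hit)
```

Run against the constructed log this yields two high-confidence hits from 10.0.0.15 and one medium-confidence hit from 10.0.0.22 talking to the same IP on port 80; the Google IP on 443 is ignored. The auth_value is kept in the config records but not used for matching: it appears inside the malware's C2 protocol, not in flow metadata.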

Targets

    • Target

      9863d76e72a55a5e42fdb2bea7b8b7245e756642e44f3c61d29f324c5b85f9c9

    • Size

      681KB

    • MD5

      caf39352b2964ebd2a0fe66c1bf066b9

    • SHA1

      5ab2d69c47889ede74a5ce2ed3d662a0825c0016

    • SHA256

      9863d76e72a55a5e42fdb2bea7b8b7245e756642e44f3c61d29f324c5b85f9c9

    • SHA512

      20d2482afcde366d1c414dc3d7672a8059979ec175808d4a4ebdba6b28422ed5fcda6e76d64e3045214ad885873bd9712f71a024e6f463590630dc008e1e1fa1

    • SSDEEP

      12288:U27p+BXAwhtThnjJ+BMlM7hDqczqtsy/sZtSql+eiuO:dIBnjtJFK7VqxKBl+f

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies, autofill entries and browsing history.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry's Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
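Three of the behaviours listed above (the Run key persistence, the Defender Real-time Protection change and the Uninstall-key software inventory) are all visible as registry operations. The script below is an added example, not the sandbox's own detection logic, showing how those three behaviours can be flagged from a stream of registry events. The event records are constructed in the shape of generic API-monitor output (pid, image, operation, key path, value name, data); the registry paths are the real Windows locations, but no specific value name or file path written by this sample is claimed, and the benign events are invented to show what should not fire.

```python
"""Flag Run-key persistence, Defender real-time protection tampering and
Uninstall-key enumeration in a list of registry events.

Added example for this report. Events are constructed; the key paths
matched are the standard Windows locations, not values taken from the
sample itself.
"""
from __future__ import annotations

import re
from collections import defaultdict

RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection$", re.I)
UNINSTALL = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)$", re.I)

MALWARE = r"C:\Users\u\AppData\Local\Temp\svch.exe"  # hypothetical path

# Constructed events: the first block mimics the reported behaviours,
# the last two are benign look-alikes that must not fire.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": MALWARE, "op": "SetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svch", "data": MALWARE},
    {"pid": 4120, "image": MALWARE, "op": "SetValue",
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 1},
    {"pid": 4120, "image": MALWARE, "op": "OpenKey",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
     "value": None, "data": None},
    {"pid": 4120, "image": MALWARE, "op": "OpenKey",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome",
     "value": None, "data": None},
    {"pid": 4120, "image": MALWARE, "op": "OpenKey",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}",
     "value": None, "data": None},
    # Benign: an installer touching only its own Uninstall entry.
    {"pid": 900, "image": r"C:\Program Files\Foo\setup.exe", "op": "OpenKey",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo",
     "value": None, "data": None},
    # Benign: group policy re-enabling real-time protection (data 0).
    {"pid": 1200, "image": r"C:\Windows\System32\gpupdate.exe", "op": "SetValue",
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 0},
]


def detect(events: list[dict], uninstall_threshold: int = 3) -> list[dict]:
    """Return one finding per matched rule.

    Run-key and Defender rules fire per event. The inventory rule fires
    per process once it has opened uninstall_threshold distinct Uninstall
    subkeys, so an installer reading its own entry stays quiet.
    """
    findings: list[dict] = []
    uninstall_keys: dict[int, set[str]] = defaultdict(set)
    image_of: dict[int, str] = {}
    for ev in events:
        pid, path, op = ev["pid"], ev["path"], ev["op"]
        image_of[pid] = ev["image"]
        if op == "SetValue" and RUN_KEY.search(path):
            findings.append({"rule": "run_key_persistence", "pid": pid,
                             "image": ev["image"],
                             "detail": f'{ev["value"]} = {ev["data"]}'})
        elif (op == "SetValue" and DEFENDER_RTP.search(path)
              and str(ev["value"]).lower().startswith("disable")
              and ev["data"] not in (0, "0")):
            findings.append({"rule": "defender_rtp_tamper", "pid": pid,
                             "image": ev["image"],
                             "detail": f'{ev["value"]} = {ev["data"]}'})
        elif op in ("OpenKey", "EnumKey"):
            m = UNINSTALL.search(path)
            if m:
                uninstall_keys[pid].add(m.group(1))
    for pid, keys in uninstall_keys.items():
        if len(keys) >= uninstall_threshold:
            findings.append({"rule": "software_inventory", "pid": pid,
                             "image": image_of[pid],
                             "detail": f"{len(keys)} Uninstall subkeys opened"})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The Defender rule only fires on a non-zero Disable* value under the Real-Time Protection policy key; writing 0 there is how policy turns protection back on, so it must not alert. The inventory rule is a threshold on distinct subkeys rather than a single read, because every installer legitimately opens its own Uninstall entry.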

MITRE ATT&CK Enterprise v6
