Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e49700355f96b5ae56fe79a2c07a20742d803fc4300b1cf5018148682c7645f7

  • Size

    347KB

  • Sample

    230323-wmjv5sbc4w

  • MD5

    a30a8cbf28456259c3a24c91ab2065b5

  • SHA1

    1d1c6673237263cab47793429f39fa055891a6a4

  • SHA256

    e49700355f96b5ae56fe79a2c07a20742d803fc4300b1cf5018148682c7645f7

  • SHA512

    c782561c08425f1e43c1ec9989a23bfdf94756731f7ff2ac4d0d2f28a7eadacab8216a091020105d198076de111ddb55c69442a2095b0b48ddd7fbe97aff1cf5

  • SSDEEP

    6144:Aig82BLObd6WJH/lS86MX9mspDv6W8soQyrkAufh0mYmTyvg:AB82Bad6WJHsUcsoCfhE

Score
10/10
redlinedozkdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes
  • auth_value

    9f1dc4ff242fb8b53742acae0ef96143

Targets

    • Target

      e49700355f96b5ae56fe79a2c07a20742d803fc4300b1cf5018148682c7645f7

    • Size

      347KB

    • MD5

      a30a8cbf28456259c3a24c91ab2065b5

    • SHA1

      1d1c6673237263cab47793429f39fa055891a6a4

    • SHA256

      e49700355f96b5ae56fe79a2c07a20742d803fc4300b1cf5018148682c7645f7

    • SHA512

      c782561c08425f1e43c1ec9989a23bfdf94756731f7ff2ac4d0d2f28a7eadacab8216a091020105d198076de111ddb55c69442a2095b0b48ddd7fbe97aff1cf5

    • SSDEEP

      6144:Aig82BLObd6WJH/lS86MX9mspDv6W8soQyrkAufh0mYmTyvg:AB82Bad6WJHsUcsoCfhE

    Score
    10/10
    redlinedozkdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks