Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    943dca820ed7b7a962948fcdd46706eb98035c9e1a65dee34b43488f2cfe961c

  • Size

    539KB

  • Sample

    230324-ml7fdadf89

  • MD5

    182440b9fd57044f3c581da5d2ad6f54

  • SHA1

    47c969df60a0737d1c98afad829f94f0e47299ab

  • SHA256

    943dca820ed7b7a962948fcdd46706eb98035c9e1a65dee34b43488f2cfe961c

  • SHA512

    6ca50f9db1315a945b02d4992a0fd603dd4d8726c0a47e4553e178a6867f8c6a25b82353d6fc28b1db0aa65d4052a838efe8d50188e3a6c1aac185ab9e94f42f

  • SSDEEP

    12288:oMrMy90SVFrmbZipMY/xvI4+I9W1ryn9DmS:UyZAZ6MYZ6oG0mS

Score
10/10
redlinedownherodiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Extracted

Family

redline

Botnet

hero

C2

193.233.20.31:4125

Attributes
  • auth_value

    11f3c75a88ca461bcc8d6bf60a1193e3

Targets

    • Target

      943dca820ed7b7a962948fcdd46706eb98035c9e1a65dee34b43488f2cfe961c

    • Size

      539KB

    • MD5

      182440b9fd57044f3c581da5d2ad6f54

    • SHA1

      47c969df60a0737d1c98afad829f94f0e47299ab

    • SHA256

      943dca820ed7b7a962948fcdd46706eb98035c9e1a65dee34b43488f2cfe961c

    • SHA512

      6ca50f9db1315a945b02d4992a0fd603dd4d8726c0a47e4553e178a6867f8c6a25b82353d6fc28b1db0aa65d4052a838efe8d50188e3a6c1aac185ab9e94f42f

    • SSDEEP

      12288:oMrMy90SVFrmbZipMY/xvI4+I9W1ryn9DmS:UyZAZ6MYZ6oG0mS

    Score
    10/10
    redlinedownherodiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks