Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    480011e60555be203912f2989906ec896c8f026b0884dd41d9c8d4331a7e1a96

  • Size

    383KB

  • Sample

    230324-wghe5aae2v

  • MD5

    e9dce86f601f260626b940ca7ace3226

  • SHA1

    850f40279a23a3a7a70336fd07db62dbe6639a6b

  • SHA256

    480011e60555be203912f2989906ec896c8f026b0884dd41d9c8d4331a7e1a96

  • SHA512

    cc110c4e187a6518794f4ade5cfe0eb81a75fe07ce3348b50ed01f87d1a2885b3bb296164179ffdb3b6445a1cad53b2124829cc5bb1accffda3cbd0033389877

  • SSDEEP

    6144:Nz0zyloLh0gbqpu6i0RhdJ78rFQbzBcQkwCdGuva:J0zyl0h02qu6Jd5bCwuGF

Score
10/10
redlinedozkdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes
  • auth_value

    9f1dc4ff242fb8b53742acae0ef96143

Targets

    • Target

      480011e60555be203912f2989906ec896c8f026b0884dd41d9c8d4331a7e1a96

    • Size

      383KB

    • MD5

      e9dce86f601f260626b940ca7ace3226

    • SHA1

      850f40279a23a3a7a70336fd07db62dbe6639a6b

    • SHA256

      480011e60555be203912f2989906ec896c8f026b0884dd41d9c8d4331a7e1a96

    • SHA512

      cc110c4e187a6518794f4ade5cfe0eb81a75fe07ce3348b50ed01f87d1a2885b3bb296164179ffdb3b6445a1cad53b2124829cc5bb1accffda3cbd0033389877

    • SSDEEP

      6144:Nz0zyloLh0gbqpu6i0RhdJ78rFQbzBcQkwCdGuva:J0zyl0h02qu6Jd5bCwuGF

    Score
    10/10
    redlinedozkdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks