Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ca796b02c7ef0f510e74ef5674eb63d86d9aba85d43f6b828c9902406a51dcb7

  • Size

    682KB

  • Sample

    230326-1g3taaab39

  • MD5

    a0ac65cf18729003be10030e3e9ebfa2

  • SHA1

    c1b2622f383005175c5e6c2554fa5c4a3a2f79ac

  • SHA256

    ca796b02c7ef0f510e74ef5674eb63d86d9aba85d43f6b828c9902406a51dcb7

  • SHA512

    3246816e9c8026eccd94a97336affff973e386511a27c0be3dc13097b17324d78e75e6edbdd6c0d1eb83fecab3b6d1809218519b25d6080ffb17c880d1838231

  • SSDEEP

    12288:uMrDy90hp1ouFpvExCJQvnLqn6JWQJ2xk3BNZq9N1wdOQx530hKqaKwUK4GnE:hyodwCJQvnL5TJ2xeuP1sTx530hKqaKD

Score
10/10
redlinedentsonydiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted

Family

redline

Botnet

dent

C2

193.233.20.33:4125

Attributes
  • auth_value

    e795368557f02e28e8aef6bcb279a3b0

Targets

    • Target

      ca796b02c7ef0f510e74ef5674eb63d86d9aba85d43f6b828c9902406a51dcb7

    • Size

      682KB

    • MD5

      a0ac65cf18729003be10030e3e9ebfa2

    • SHA1

      c1b2622f383005175c5e6c2554fa5c4a3a2f79ac

    • SHA256

      ca796b02c7ef0f510e74ef5674eb63d86d9aba85d43f6b828c9902406a51dcb7

    • SHA512

      3246816e9c8026eccd94a97336affff973e386511a27c0be3dc13097b17324d78e75e6edbdd6c0d1eb83fecab3b6d1809218519b25d6080ffb17c880d1838231

    • SSDEEP

      12288:uMrDy90hp1ouFpvExCJQvnLqn6JWQJ2xk3BNZq9N1wdOQx530hKqaKwUK4GnE:hyodwCJQvnL5TJ2xeuP1sTx530hKqaKD

    Score
    10/10
    redlinedentsonydiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks