General

  • Target

    a7078c3f66cdf1f42a59e3c44224928308db979145e0ab4e8c3e0229417dc939

  • Size

    701KB

  • Sample

    230327-3vfxsafh65

  • MD5

    e77499d722fa8c2c6caf993a2712d995

  • SHA1

    53e802d5ed95135d9385913e63b44bcbf5729569

  • SHA256

    a7078c3f66cdf1f42a59e3c44224928308db979145e0ab4e8c3e0229417dc939

  • SHA512

    c4a58df8a1e055f7f4bdb17ab30e4f89dc2bb9c861e8a420d8e54f0e54a816fd097606231daf8d6c5ca91431a18582d681471b26d71e8117740b49533f96defd

  • SSDEEP

    12288:4Mrzy90Qloymvh4e00aJ20yiRl1ebhS0UqNZkCfSvmTX7Be/UajekuEC/5/aKqsg:7yfmyEVxA4izAb/kCfSKXo/Uoe1EC/A9

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566
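Both extracted configurations point at the same C2 endpoint, so one network indicator covers both botnet ids. The script below is an added example (not part of the sandbox report or of any RedLine tooling) that turns the two configs above into deduplicated network IOCs and runs them over a handful of constructed firewall log lines; the C2 host, port, botnet ids and auth_values are copied from the report, the log line format and the hosts in it are invented for illustration.

```python
"""Network IOC check built from the two RedLine configs in the report.

Added example, not part of the sandbox report or of RedLine itself.
C2 host/port, botnet ids and auth_values come from the report; the log
line format and the source hosts below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RedlineConfig:
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


# Values copied from the report's "Malware Config" section.
CONFIGS = [
    RedlineConfig("redline", "rosn", "176.113.115.145", 4125,
                  "050a19e1db4d0024b0f23b37dcf961f4"),
    RedlineConfig("redline", "from", "176.113.115.145", 4125,
                  "8633e283485822a4a48f0a41d5397566"),
]


def network_iocs(configs, ip_only=False):
    """Map each C2 endpoint (host:port, or bare host) to the botnet ids
    that use it. Both configs here collapse onto a single endpoint."""
    iocs = {}
    for cfg in configs:
        key = cfg.c2_host if ip_only else (cfg.c2_host, cfg.c2_port)
        iocs.setdefault(key, set()).add(cfg.botnet)
    return iocs


def parse_fw_line(line):
    """Parse one constructed, simplified firewall log line of the form
    '<ts> src=<ip>:<port> dst=<ip>:<port> proto=tcp action=<allow|deny>'."""
    tokens = line.split()
    fields = dict(tok.split("=", 1) for tok in tokens[1:])
    src_ip, _ = fields["src"].rsplit(":", 1)
    dst_ip, dst_port = fields["dst"].rsplit(":", 1)
    return {"ts": tokens[0], "src_ip": src_ip, "dst_ip": dst_ip,
            "dst_port": int(dst_port), "action": fields.get("action", "")}


def match_c2(lines, configs=CONFIGS, ip_only=False):
    """Return (timestamp, source host, botnet ids) for every line whose
    destination is a known RedLine C2. Denied connections are reported
    too: a blocked attempt still identifies an infected host."""
    iocs = network_iocs(configs, ip_only=ip_only)
    hits = []
    for line in lines:
        ev = parse_fw_line(line)
        key = ev["dst_ip"] if ip_only else (ev["dst_ip"], ev["dst_port"])
        if key in iocs:
            hits.append((ev["ts"], ev["src_ip"], sorted(iocs[key])))
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_LOG = [
    "2023-03-27T15:01:02Z src=10.0.0.23:49812 dst=176.113.115.145:4125 proto=tcp action=allow",
    "2023-03-27T15:01:05Z src=10.0.0.23:49813 dst=142.250.74.36:443 proto=tcp action=allow",
    "2023-03-27T15:02:17Z src=10.0.0.41:51200 dst=176.113.115.145:4125 proto=tcp action=deny",
    "2023-03-27T15:03:00Z src=10.0.0.41:51201 dst=176.113.115.145:443 proto=tcp action=allow",
]

if __name__ == "__main__":
    for ts, host, botnets in match_c2(SAMPLE_LOG):
        print(f"{ts} {host} -> RedLine C2 (botnets: {', '.join(botnets)})")
```

The last sample line reaches the same address on port 443 and is not flagged by the default host:port match; passing `ip_only=True` catches it, which is the usual trade-off between precision and coverage when a C2 operator rotates ports on one server.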

Targets

    • Target

      a7078c3f66cdf1f42a59e3c44224928308db979145e0ab4e8c3e0229417dc939

    • Size

      701KB

    • MD5

      e77499d722fa8c2c6caf993a2712d995

    • SHA1

      53e802d5ed95135d9385913e63b44bcbf5729569

    • SHA256

      a7078c3f66cdf1f42a59e3c44224928308db979145e0ab4e8c3e0229417dc939

    • SHA512

      c4a58df8a1e055f7f4bdb17ab30e4f89dc2bb9c861e8a420d8e54f0e54a816fd097606231daf8d6c5ca91431a18582d681471b26d71e8117740b49533f96defd

    • SSDEEP

      12288:4Mrzy90Qloymvh4e00aJ20yiRl1ebhS0UqNZkCfSvmTX7Be/UajekuEC/5/aKqsg:7yfmyEVxA4izAb/kCfSKXo/Uoe1EC/A9

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
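The signatures above describe host behaviour (Defender real-time protection tampering, Run-key persistence, Uninstall-key enumeration, browser profile reads) without naming the exact registry values or files the sample touched. The following is an added example, not part of the report, of how an analyst might turn those four behaviours into endpoint detection logic and run it over constructed, Sysmon-like registry and file events. The specific registry paths, value names and browser file names used as indicators are assumptions based on common stealer tradecraft, not values taken from this report, and the process names in the sample events are invented.

```python
"""Host-side detection for the behaviours the report flags.

Added example, not part of the sandbox report. Event shape is a
simplified Sysmon-like record; the indicator paths below are assumed
(typical stealer targets), since the report names the behaviours but
not the exact keys or files involved.
"""
import re
from dataclasses import dataclass


@dataclass
class Event:
    kind: str          # "reg_set", "reg_read" or "file_read"
    image: str         # process that performed the action
    target: str        # registry value path or file path
    value: str = ""    # data written, for reg_set


def _norm(path):
    return path.replace("/", "\\").lower()


def _as_int(value):
    """Accept '1', '0x1' or Sysmon's 'DWORD (0x00000001)' style data."""
    m = re.search(r"(0x[0-9a-fA-F]+|\d+)\)?\s*$", value)
    return int(m.group(1), 0) if m else None


# Assumed indicators (lower-cased, substring/suffix matched).
DEFENDER_RT = "\\windows defender\\real-time protection\\"
DEFENDER_VALUES = {"disablerealtimemonitoring", "disablebehaviormonitoring",
                   "disableioavprotection", "disableonaccessprotection"}
RUN_KEY = "\\currentversion\\run"        # also matches RunOnce and Wow6432Node paths
UNINSTALL_KEY = "\\currentversion\\uninstall\\"
BROWSER_FILES = ("\\login data", "\\cookies", "\\web data",
                 "\\logins.json", "\\key4.db")


def classify(ev):
    """Map one event to the report's signature names (empty if nothing matches)."""
    t = _norm(ev.target)
    sigs = []
    if (ev.kind == "reg_set" and DEFENDER_RT in t
            and t.rsplit("\\", 1)[-1] in DEFENDER_VALUES
            and _as_int(ev.value) == 1):
        sigs.append("Modifies Windows Defender Real-time Protection settings")
    if ev.kind == "reg_set" and RUN_KEY in t:
        sigs.append("Adds Run key to start application")
    if ev.kind == "reg_read" and UNINSTALL_KEY in t:
        sigs.append("Checks installed software on the system")
    if ev.kind == "file_read" and any(t.endswith(f) for f in BROWSER_FILES):
        sigs.append("Reads user/profile data of web browsers")
    return sigs


def triage(events, min_distinct=2):
    """Group hits per process. A lone Uninstall-key read is noise
    (installers and inventory agents do it all day); several distinct
    behaviours from one image is the stealer pattern the report shows."""
    per_image = {}
    for ev in events:
        for sig in classify(ev):
            per_image.setdefault(ev.image, set()).add(sig)
    return {img: sorted(s) for img, s in per_image.items() if len(s) >= min_distinct}


# Constructed sample events (process names and paths are invented).
STEALER = r"C:\Users\alice\AppData\Local\Temp\build.exe"
SAMPLE_EVENTS = [
    Event("reg_set", STEALER, r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring", "DWORD (0x00000001)"),
    Event("reg_set", STEALER, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater", r"C:\Users\alice\AppData\Roaming\Updater.exe"),
    Event("reg_read", STEALER, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A2B}\DisplayName"),
    Event("file_read", STEALER, r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("reg_read", r"C:\Windows\System32\msiexec.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A2B}\UninstallString"),
    Event("reg_set", r"C:\Program Files\Vendor\agent.exe", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring", "DWORD (0x00000000)"),
]

if __name__ == "__main__":
    for image, sigs in triage(SAMPLE_EVENTS).items():
        print(image)
        for s in sigs:
            print("  -", s)
```

Note that the Defender rule only fires when the value is set to 1; an agent writing 0 (re-enabling protection) is deliberately ignored, and Sysmon does not record registry reads by default, so the `reg_read` events would in practice come from an EDR or an ETW registry provider rather than from Sysmon Event ID 13.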

MITRE ATT&CK Enterprise v6

Tasks