Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a4454e28b92bc7cfaa8750059d6e57c4191bb9bf7ecf50b0d4fcce71a279a4ed

  • Size

    727KB

  • Sample

    230327-ftte6abg73

  • MD5

    088672234b989853ef7a3cfc9932357a

  • SHA1

    a9bf4dfdf72300ff9c9d7e5b191a6c339416bcc4

  • SHA256

    a4454e28b92bc7cfaa8750059d6e57c4191bb9bf7ecf50b0d4fcce71a279a4ed

  • SHA512

    79ede8e9a38b52e665c080b0d9f0ca996f9dcfec3b1fd5e7314a9bae976d9f556ab9111724376bf52a9084be3a68058aeea1203e3387713c94bfff4fc16cf5b9

  • SSDEEP

    12288:SMriy90jNt+uQNTaeYpf3bpN1A8MKlUkdBzZThJP4G1RYU4gps9jfd6vHCwdH:EyeNt+X5YdbBA8MKlUoVjXL4gyFFiH5

Score
10/10
redlinedentsonydiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted

Family

redline

Botnet

dent

C2

193.233.20.33:4125

Attributes
  • auth_value

    e795368557f02e28e8aef6bcb279a3b0

Targets

    • Target

      a4454e28b92bc7cfaa8750059d6e57c4191bb9bf7ecf50b0d4fcce71a279a4ed

    • Size

      727KB

    • MD5

      088672234b989853ef7a3cfc9932357a

    • SHA1

      a9bf4dfdf72300ff9c9d7e5b191a6c339416bcc4

    • SHA256

      a4454e28b92bc7cfaa8750059d6e57c4191bb9bf7ecf50b0d4fcce71a279a4ed

    • SHA512

      79ede8e9a38b52e665c080b0d9f0ca996f9dcfec3b1fd5e7314a9bae976d9f556ab9111724376bf52a9084be3a68058aeea1203e3387713c94bfff4fc16cf5b9

    • SSDEEP

      12288:SMriy90jNt+uQNTaeYpf3bpN1A8MKlUkdBzZThJP4G1RYU4gps9jfd6vHCwdH:EyeNt+X5YdbBA8MKlUoVjXL4gyFFiH5

    Score
    10/10
    redlinedentsonydiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.