Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    34fbd6db5481ec0b9e6adb9ed999af2f93b59b834f9cefc76c8eacfaedeb79db

  • Size

    346KB

  • Sample

    230327-qk3btaff6z

  • MD5

    6093557e3e84e5ed1b2835e84941df6b

  • SHA1

    24db3355c0ff0e30def3e3a99498d2f30cc66cf2

  • SHA256

    34fbd6db5481ec0b9e6adb9ed999af2f93b59b834f9cefc76c8eacfaedeb79db

  • SHA512

    ecefc5eccc7c88a537681a33267598da43c32dbe2961a0fe09e4f4369a280b3cdefb1cc15810e9bcaf55ecd810511c50faf5cda32b0f08adf9a68023a276da8a

  • SSDEEP

    6144:3jMa+DDRLY6IEBPrmffXL/ZtzJkM3ccZDUze:TcDDREJKPKffXL/Lz/D

Score
10/10
redlinekoreamondiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

koreamon

C2

koreamonitoring.com:80

Attributes
  • auth_value

    1a0e1a9f491ef3df873a03577dfa10aa

Targets

    • Target

      34fbd6db5481ec0b9e6adb9ed999af2f93b59b834f9cefc76c8eacfaedeb79db

    • Size

      346KB

    • MD5

      6093557e3e84e5ed1b2835e84941df6b

    • SHA1

      24db3355c0ff0e30def3e3a99498d2f30cc66cf2

    • SHA256

      34fbd6db5481ec0b9e6adb9ed999af2f93b59b834f9cefc76c8eacfaedeb79db

    • SHA512

      ecefc5eccc7c88a537681a33267598da43c32dbe2961a0fe09e4f4369a280b3cdefb1cc15810e9bcaf55ecd810511c50faf5cda32b0f08adf9a68023a276da8a

    • SSDEEP

      6144:3jMa+DDRLY6IEBPrmffXL/ZtzJkM3ccZDUze:TcDDREJKPKffXL/Lz/D

    Score
    10/10
    redlinekoreamondiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks