Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7aeba6bb3ecf7dc23027590b7298072336b72728e3c24c587ae516b272c186b6

  • Size

    700KB

  • Sample

    230327-vabhkaec96

  • MD5

    3cee1f649d7bd84aebd89d6f92447439

  • SHA1

    9327f6d47e060c6d0bb29e062d50db9f2afd595e

  • SHA256

    7aeba6bb3ecf7dc23027590b7298072336b72728e3c24c587ae516b272c186b6

  • SHA512

    91c6d4ca96c543b53280c4da7ee7a737c7c7078d8a2c1f59ef2a7ad19a6f5880adb26b0ee92d4308b53d432403cf7f72d69267918de131e28822ed8e36b324f2

  • SSDEEP

    12288:jMr5y90aFq7kuuwvXqroMxIAtqmnqKu6BqxY2jO+cJBRvLYbguNLEUoEd:iyPF7uQI0DqGBqO+cJIbguNQw

Score
10/10
redlinesonyevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Target

      7aeba6bb3ecf7dc23027590b7298072336b72728e3c24c587ae516b272c186b6

    • Size

      700KB

    • MD5

      3cee1f649d7bd84aebd89d6f92447439

    • SHA1

      9327f6d47e060c6d0bb29e062d50db9f2afd595e

    • SHA256

      7aeba6bb3ecf7dc23027590b7298072336b72728e3c24c587ae516b272c186b6

    • SHA512

      91c6d4ca96c543b53280c4da7ee7a737c7c7078d8a2c1f59ef2a7ad19a6f5880adb26b0ee92d4308b53d432403cf7f72d69267918de131e28822ed8e36b324f2

    • SSDEEP

      12288:jMr5y90aFq7kuuwvXqroMxIAtqmnqKu6BqxY2jO+cJBRvLYbguNLEUoEd:iyPF7uQI0DqGBqO+cJIbguNQw

    Score
    10/10
    redlinesonyevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks