General

  • Target

    abb8a152625516546fe821ff14a7fc9c993e84fcfc7cd5b431165184a6ef32b1

  • Size

    349KB

  • Sample

    230402-q4644sgf44

  • MD5

    5094371c0d2404d484a000af6965d51b

  • SHA1

    9a519729d9333fbe124248c9d1a25135dbfa159b

  • SHA256

    abb8a152625516546fe821ff14a7fc9c993e84fcfc7cd5b431165184a6ef32b1

  • SHA512

    69804de8bfa33c604f8875687fd7b1dcf65e469dc1cc67651af2357c75ab4d6c8fa3db6a74656c19a34eceb77c05f906b181da4df73a8386917af8f10e3edcea

  • SSDEEP

    6144:8VaUUcxTPNXam7nZcqTq6n/YJPKSKoNKGEaZtkjt:8YUpxjNXaaZcqG6nwJCg1HGt

Malware Config

Extracted

Family

redline

Botnet

@chicago

C2

185.11.61.125:22344

Attributes

  • auth_value

    21f863e0cbd09d0681058e068d0d1d7f

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
