General

  • Target

    793dfa266486dc38f9c77d559a9a8f4d34ae7a46f5d732162621a3d3bfd6b109

  • Size

    521KB

  • Sample

    230403-vf811shg2x

  • MD5

    0522b4860ed134153eb0f60d72bd5a08

  • SHA1

    caeb30d69e3ddd210ed15510f923412fbaf08202

  • SHA256

    793dfa266486dc38f9c77d559a9a8f4d34ae7a46f5d732162621a3d3bfd6b109

  • SHA512

    19bb5b8673eb76f292ed013c5c7997f54bde3c8a9d855d015fff9a137f17d568c260b11ddd56cdd3c490b188c2ec759074ad67631be7aaf620a3f3f5717863a0

  • SSDEEP

    12288:BMr6y90kiNAu4G2kL/A/5AbCsCrLiiyouSmNO3:jyX8AkL4hAGsC6iyo8NO3

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

spora

C2

176.113.115.145:4125

Attributes

  • auth_value

    441b39ab37774b2ca9931c31e1bc6071

Targets

    • Target

      793dfa266486dc38f9c77d559a9a8f4d34ae7a46f5d732162621a3d3bfd6b109

    • Size

      521KB

    • MD5

      0522b4860ed134153eb0f60d72bd5a08

    • SHA1

      caeb30d69e3ddd210ed15510f923412fbaf08202

    • SHA256

      793dfa266486dc38f9c77d559a9a8f4d34ae7a46f5d732162621a3d3bfd6b109

    • SHA512

      19bb5b8673eb76f292ed013c5c7997f54bde3c8a9d855d015fff9a137f17d568c260b11ddd56cdd3c490b188c2ec759074ad67631be7aaf620a3f3f5717863a0

    • SSDEEP

      12288:BMr6y90kiNAu4G2kL/A/5AbCsCrLiiyouSmNO3:jyX8AkL4hAGsC6iyo8NO3

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks