Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    388edd10201d59010c41d7277ff39ce840a19ba896093552abd2654623aa2dcb

  • Size

    489KB

  • Sample

    230507-mk7praec96

  • MD5

    47eeb1a39c27ac86010ca64627e96fde

  • SHA1

    eba4f9f6dda015c0602590d48fff887ba483d2c5

  • SHA256

    388edd10201d59010c41d7277ff39ce840a19ba896093552abd2654623aa2dcb

  • SHA512

    b1ce635c776b8c71062ac573bb7b728ce4795a674f6cf99e9fc8eef19cf7baa0916f9eff3d65539c029ccf770a5e0ceb2992b9e7005cdc6a283825d9e9df2acd

  • SSDEEP

    12288:DMrgy902iaexOW9QYQ07+ZnebzhL8DKU8u:HyuokwVe/hwB

Score
10/10
redlineladaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

lada

C2

217.196.96.101:4132

Attributes
  • auth_value

    0b3678897547fedafe314eda5a2015ba

Targets

    • Target

      388edd10201d59010c41d7277ff39ce840a19ba896093552abd2654623aa2dcb

    • Size

      489KB

    • MD5

      47eeb1a39c27ac86010ca64627e96fde

    • SHA1

      eba4f9f6dda015c0602590d48fff887ba483d2c5

    • SHA256

      388edd10201d59010c41d7277ff39ce840a19ba896093552abd2654623aa2dcb

    • SHA512

      b1ce635c776b8c71062ac573bb7b728ce4795a674f6cf99e9fc8eef19cf7baa0916f9eff3d65539c029ccf770a5e0ceb2992b9e7005cdc6a283825d9e9df2acd

    • SSDEEP

      12288:DMrgy902iaexOW9QYQ07+ZnebzhL8DKU8u:HyuokwVe/hwB

    Score
    10/10
    redlineladaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks