Resubmissions

17/05/2023, 13:21

230517-qlr78seb9s 10

17/05/2023, 13:18

230517-qkaxkafb74 10

11/05/2023, 19:17

230511-xzb7haab84 10

10/05/2023, 09:28

230510-lfqp1ahb3w 10

09/05/2023, 17:47

230509-wc51mafb4t 10

09/05/2023, 17:16

230509-vth2rafa4y 10

General

  • Target

    d2afe1978422e82a088016a44d9591d60b744ce36e2f2778fe274df230db69e7

  • Size

    479KB

  • Sample

    230509-vth2rafa4y

  • MD5

    ad7457bc6e618bc08a892d1d7a757f97

  • SHA1

    9637fc62869b6cb5ece194857972d8a4a3eeb8df

  • SHA256

    d2afe1978422e82a088016a44d9591d60b744ce36e2f2778fe274df230db69e7

  • SHA512

    733cdac38cc99cb78c30d4ad9c71814f659a665fa4aab7884e53d603e240d5ef90cb316d6a76d1cfca001f0dc732c8b755e16c17fb088306851c5de99ff05a9b

  • SSDEEP

    12288:UMrzy905VQ+F2WVY7h69UYXBQOu+ewcjp:vyS2WqPYmOu+pcjp

Malware Config

Extracted

  • Family

    redline

  • Botnet

    murka

  • C2

    217.196.96.101:4132

Attributes

  • auth_value

    878a0681ac6ad0e4eb10ef9db07abdd9

Targets

    • Target

      d2afe1978422e82a088016a44d9591d60b744ce36e2f2778fe274df230db69e7

    • Size

      479KB

    • MD5

      ad7457bc6e618bc08a892d1d7a757f97

    • SHA1

      9637fc62869b6cb5ece194857972d8a4a3eeb8df

    • SHA256

      d2afe1978422e82a088016a44d9591d60b744ce36e2f2778fe274df230db69e7

    • SHA512

      733cdac38cc99cb78c30d4ad9c71814f659a665fa4aab7884e53d603e240d5ef90cb316d6a76d1cfca001f0dc732c8b755e16c17fb088306851c5de99ff05a9b

    • SSDEEP

      12288:UMrzy905VQ+F2WVY7h69UYXBQOu+ewcjp:vyS2WqPYmOu+pcjp

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks