Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e5028d37c24353a2ad038c0aa2a69e5f5759e7eb2d108becf89b1ac6f7b666cb

  • Size

    1.1MB

  • Sample

    230514-2mdxsadg87

  • MD5

    db6b799ef46cc50e581d1a3c84b98586

  • SHA1

    99cf354fe230f8753528700887cd5e4f45e20c27

  • SHA256

    e5028d37c24353a2ad038c0aa2a69e5f5759e7eb2d108becf89b1ac6f7b666cb

  • SHA512

    5e1d7f64009aa8ba03b4399d403e874f27e61421accce29e878414de5183eb375533a6bbcee10109cc57e3dc9b7f253f0e87bdc66114d4b4baf3ee63f6acd15b

  • SSDEEP

    24576:EyPYmAL2eEHRmDnY0Njpr6KcWqKlgKAls/DcO9inGKn1:TPYmPWDDBcWd4ocOEJn

Score
10/10
redlinelindaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

linda

C2

185.161.248.75:4132

Attributes
  • auth_value

    21cdc21d041667b9c1679f88a1146770

Targets

    • Target

      e5028d37c24353a2ad038c0aa2a69e5f5759e7eb2d108becf89b1ac6f7b666cb

    • Size

      1.1MB

    • MD5

      db6b799ef46cc50e581d1a3c84b98586

    • SHA1

      99cf354fe230f8753528700887cd5e4f45e20c27

    • SHA256

      e5028d37c24353a2ad038c0aa2a69e5f5759e7eb2d108becf89b1ac6f7b666cb

    • SHA512

      5e1d7f64009aa8ba03b4399d403e874f27e61421accce29e878414de5183eb375533a6bbcee10109cc57e3dc9b7f253f0e87bdc66114d4b4baf3ee63f6acd15b

    • SSDEEP

      24576:EyPYmAL2eEHRmDnY0Njpr6KcWqKlgKAls/DcO9inGKn1:TPYmPWDDBcWd4ocOEJn

    Score
    10/10
    redlinelindaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks