Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aa237d3a712b090bb3eee03ad50c2593b625f9c0b4555f5b12e615d1701e693b

  • Size

    1.1MB

  • Sample

    230514-zzenqsdf26

  • MD5

    b5c9a17743bfc5850eea486c3ab13c0a

  • SHA1

    f4dd884767f77d4f3a878279f0f2cef16bce2e1b

  • SHA256

    aa237d3a712b090bb3eee03ad50c2593b625f9c0b4555f5b12e615d1701e693b

  • SHA512

    0da286863245e79ddfd2ab5dc0462f518b4da09f15e304323625857a31a88435498c168589687ae2c01919db8089035e2ba4e704e5282aef71fa68e26131aa93

  • SSDEEP

    24576:6yGdG/d2CUV4pXpFazsQKsV93cev/RMbQrYGW3ysi7Lgc3:B1MCUeXyZ53/RMaA0gc

Score
10/10
redlinelindaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

linda

C2

185.161.248.75:4132

Attributes
  • auth_value

    21cdc21d041667b9c1679f88a1146770

Targets

    • Target

      aa237d3a712b090bb3eee03ad50c2593b625f9c0b4555f5b12e615d1701e693b

    • Size

      1.1MB

    • MD5

      b5c9a17743bfc5850eea486c3ab13c0a

    • SHA1

      f4dd884767f77d4f3a878279f0f2cef16bce2e1b

    • SHA256

      aa237d3a712b090bb3eee03ad50c2593b625f9c0b4555f5b12e615d1701e693b

    • SHA512

      0da286863245e79ddfd2ab5dc0462f518b4da09f15e304323625857a31a88435498c168589687ae2c01919db8089035e2ba4e704e5282aef71fa68e26131aa93

    • SSDEEP

      24576:6yGdG/d2CUV4pXpFazsQKsV93cev/RMbQrYGW3ysi7Lgc3:B1MCUeXyZ53/RMaA0gc

    Score
    10/10
    redlinelindaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks