Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2bcc3f4677df3ef1c0a0e09531c84bb96fabdcde82e43be2a96024bf4697aaa1

  • Size

    1.0MB

  • Sample

    230522-bpj9gagb4w

  • MD5

    1dee613a0f22c27fdccf16226887f098

  • SHA1

    7728c5e6ae26ba00e3485f63b6f793df267d5829

  • SHA256

    2bcc3f4677df3ef1c0a0e09531c84bb96fabdcde82e43be2a96024bf4697aaa1

  • SHA512

    3fb9b296c625daa09f3098bf746b109fe5af50cb17c159acf39c4532306748b6cb17463fb9977b0619007700651e073f729baac0e899869c0a1d87166df96fdc

  • SSDEEP

    24576:jyI40HLhco88cQqHkYruxSbXuRpomGyd2mT:2I4ALao88cQqHkYrG8XAo2U

Score
10/10
redlinemixaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.37:4138

Attributes
  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Targets

    • Target

      2bcc3f4677df3ef1c0a0e09531c84bb96fabdcde82e43be2a96024bf4697aaa1

    • Size

      1.0MB

    • MD5

      1dee613a0f22c27fdccf16226887f098

    • SHA1

      7728c5e6ae26ba00e3485f63b6f793df267d5829

    • SHA256

      2bcc3f4677df3ef1c0a0e09531c84bb96fabdcde82e43be2a96024bf4697aaa1

    • SHA512

      3fb9b296c625daa09f3098bf746b109fe5af50cb17c159acf39c4532306748b6cb17463fb9977b0619007700651e073f729baac0e899869c0a1d87166df96fdc

    • SSDEEP

      24576:jyI40HLhco88cQqHkYruxSbXuRpomGyd2mT:2I4ALao88cQqHkYrG8XAo2U

    Score
    10/10
    redlinemixaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks