Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    de7f681d20ec268a9cece53f4d5e31ad62d7b29f05e587c910b33a38e0a52b1e

  • Size

    1020KB

  • Sample

    230523-s8za6sga38

  • MD5

    bbdc206fa6b93e8fc49cc300508673eb

  • SHA1

    60cf20565f0b51ff4a3a5d790352a7f63e94a362

  • SHA256

    de7f681d20ec268a9cece53f4d5e31ad62d7b29f05e587c910b33a38e0a52b1e

  • SHA512

    921df326b34bbbca0002d6f3421110a06cd41277df8a7afb39c41003a3a109509c2589581b6082187868cfe1c9a092c2efe858d47e40e0261396dd6f43efd2a8

  • SSDEEP

    24576:gyooB2sy5zeJwov200sUXioQqFYOdp9gK74RvBkY4:nqf5Mnv8ioRVdEK74F7

Score
10/10
loaderbotredlinexmriglupadiscoveryevasioninfostealerloaderminerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

lupa

C2

83.97.73.122:19062

Attributes
  • auth_value

    6a764aa41830c77712442516d143bc9c

Targets

    • Target

      de7f681d20ec268a9cece53f4d5e31ad62d7b29f05e587c910b33a38e0a52b1e

    • Size

      1020KB

    • MD5

      bbdc206fa6b93e8fc49cc300508673eb

    • SHA1

      60cf20565f0b51ff4a3a5d790352a7f63e94a362

    • SHA256

      de7f681d20ec268a9cece53f4d5e31ad62d7b29f05e587c910b33a38e0a52b1e

    • SHA512

      921df326b34bbbca0002d6f3421110a06cd41277df8a7afb39c41003a3a109509c2589581b6082187868cfe1c9a092c2efe858d47e40e0261396dd6f43efd2a8

    • SSDEEP

      24576:gyooB2sy5zeJwov200sUXioQqFYOdp9gK74RvBkY4:nqf5Mnv8ioRVdEK74F7

    Score
    10/10
    loaderbotredlinexmriglupadiscoveryevasioninfostealerloaderminerpersistencespywarestealertrojan

    • LoaderBot

      LoaderBot is a loader written in .NET downloading and executing miners.

      loaderminerloaderbot

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • LoaderBot executable

    • XMRig Miner payload

      miner

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks