Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7ae47111fef37126965eeced362c68db468de2c316de31f5889d21736312bf36

  • Size

    767KB

  • Sample

    230525-v8yqrabe64

  • MD5

    dfd9cb2681ccaba52e21031bf5b89431

  • SHA1

    4d2f15183e5b1e5359b9f450e8d87b75286cc6c9

  • SHA256

    7ae47111fef37126965eeced362c68db468de2c316de31f5889d21736312bf36

  • SHA512

    15794385c8dd580e2700c84759f42ef118a4076e26c1a9cf6be92227ff0e8c9d8112f36cf5c692e91d7bed1c4ef9acde2556dcfa7835fb1048bcb99452bebccd

  • SSDEEP

    12288:cMr+y90nkIZjP/yU/vTPX8++jJdDykHHrBCDh4xmnvSoh/jAdxwi2Ly+Q+f/avL9:ay4kIZzvzM7jJjHoDh4knZhrm0yj+369

Score
10/10
redlinedinaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

dina

C2

83.97.73.122:19062

Attributes
  • auth_value

    4f77073adc624269de1bff760b9bc471

Targets

    • Target

      7ae47111fef37126965eeced362c68db468de2c316de31f5889d21736312bf36

    • Size

      767KB

    • MD5

      dfd9cb2681ccaba52e21031bf5b89431

    • SHA1

      4d2f15183e5b1e5359b9f450e8d87b75286cc6c9

    • SHA256

      7ae47111fef37126965eeced362c68db468de2c316de31f5889d21736312bf36

    • SHA512

      15794385c8dd580e2700c84759f42ef118a4076e26c1a9cf6be92227ff0e8c9d8112f36cf5c692e91d7bed1c4ef9acde2556dcfa7835fb1048bcb99452bebccd

    • SSDEEP

      12288:cMr+y90nkIZjP/yU/vTPX8++jJdDykHHrBCDh4xmnvSoh/jAdxwi2Ly+Q+f/avL9:ay4kIZzvzM7jJjHoDh4knZhrm0yj+369

    Score
    10/10
    redlinedinaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks