Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    951f19b177b3f9f9063530d09fcbd284f326c1362c38f9445a64ebcf027e7f46

  • Size

    730KB

  • Sample

    230530-12nj4acc2y

  • MD5

    c1eeca57e01f74f27c28a4ec71839528

  • SHA1

    f59647ede20448b3d8a73d54ec21e62d19965570

  • SHA256

    951f19b177b3f9f9063530d09fcbd284f326c1362c38f9445a64ebcf027e7f46

  • SHA512

    acf1dcb5501588add46789ee796beaec494b0e2c19d058dfeb478fd6b9e7f765afe0b25b59094f2454cbaab22f50dbb0b3c64cd4e3963e9440a1784db5446f23

  • SSDEEP

    12288:XMriy90J0CdtLUe+oEfAvtEsYyHSzR+tFqB+EUlHSNn37mhK7LfJovCbtvltz7gY:1yUMJYGyihIHSNn3qIPxUCpvltYS/T

Score
10/10
redlinedusaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

dusa

C2

83.97.73.127:19045

Attributes
  • auth_value

    ee896466545fedf9de5406175fb82de5

Targets

    • Target

      951f19b177b3f9f9063530d09fcbd284f326c1362c38f9445a64ebcf027e7f46

    • Size

      730KB

    • MD5

      c1eeca57e01f74f27c28a4ec71839528

    • SHA1

      f59647ede20448b3d8a73d54ec21e62d19965570

    • SHA256

      951f19b177b3f9f9063530d09fcbd284f326c1362c38f9445a64ebcf027e7f46

    • SHA512

      acf1dcb5501588add46789ee796beaec494b0e2c19d058dfeb478fd6b9e7f765afe0b25b59094f2454cbaab22f50dbb0b3c64cd4e3963e9440a1784db5446f23

    • SSDEEP

      12288:XMriy90J0CdtLUe+oEfAvtEsYyHSzR+tFqB+EUlHSNn37mhK7LfJovCbtvltz7gY:1yUMJYGyihIHSNn3qIPxUCpvltYS/T

    Score
    10/10
    redlinedusaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks