Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    27fa38fb4761e55bf2d653ea2cfd2664ed166df152a63afb1b6162419fea2572

  • Size

    754KB

  • Sample

    230530-cl6hzaef45

  • MD5

    6c354144d75f4f31403d791aa6d794ea

  • SHA1

    2354e6ef5b5e8ab89bd36743c7978f09ace167da

  • SHA256

    27fa38fb4761e55bf2d653ea2cfd2664ed166df152a63afb1b6162419fea2572

  • SHA512

    b9eb729db98ea374bff374636d6065d949f7b5a8827bc989c6329f571582305f8c9eeaf4d5229fb65b22855b1f94c972d9e9d9574e67e60eba5525ce69d9fcb8

  • SSDEEP

    12288:kMrEy90M0Xo5usxKmLa0qFx633pdIY5Ycnli48CD27CyBq5VcHSHaC0/l/Lg:YyH0XQZxKxW33QqICy7CyBcmyHbuLg

Score
10/10
redlinedizaronindiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.127:19045

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Extracted

Family

redline

Botnet

ronin

C2

83.97.73.127:19045

Attributes
  • auth_value

    4cce855f5ba9b9b6e5b1400f102745de

Targets

    • Target

      27fa38fb4761e55bf2d653ea2cfd2664ed166df152a63afb1b6162419fea2572

    • Size

      754KB

    • MD5

      6c354144d75f4f31403d791aa6d794ea

    • SHA1

      2354e6ef5b5e8ab89bd36743c7978f09ace167da

    • SHA256

      27fa38fb4761e55bf2d653ea2cfd2664ed166df152a63afb1b6162419fea2572

    • SHA512

      b9eb729db98ea374bff374636d6065d949f7b5a8827bc989c6329f571582305f8c9eeaf4d5229fb65b22855b1f94c972d9e9d9574e67e60eba5525ce69d9fcb8

    • SSDEEP

      12288:kMrEy90M0Xo5usxKmLa0qFx633pdIY5Ycnli48CD27CyBq5VcHSHaC0/l/Lg:YyH0XQZxKxW33QqICy7CyBcmyHbuLg

    Score
    10/10
    redlinedizaronindiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks