Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    320cbfaa24aefd9e739ad48926f700ad689f39354a6f5268c14d2761d0486377

  • Size

    580KB

  • Sample

    230605-djtxtsef59

  • MD5

    344f0a434e359bc6a06745a78d57e388

  • SHA1

    3edd2a8e9b9254da4a5027907a165cdba84790df

  • SHA256

    320cbfaa24aefd9e739ad48926f700ad689f39354a6f5268c14d2761d0486377

  • SHA512

    0b4267c8632615dad12064acfd86187dcd3ed5126464bb9c871c6915640ab771346b28753d7986b8adcba63453d15e3370a8cf3f6d0d1e5f233cf5aa1436d6a1

  • SSDEEP

    12288:pMr/y90DQQ11FxkVje5sEwjkjWW4VKRQ/LwwK66MOM:aysQQ11772n6WJVKRQTweOM

Score
10/10
redlinemaxievasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19046

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      320cbfaa24aefd9e739ad48926f700ad689f39354a6f5268c14d2761d0486377

    • Size

      580KB

    • MD5

      344f0a434e359bc6a06745a78d57e388

    • SHA1

      3edd2a8e9b9254da4a5027907a165cdba84790df

    • SHA256

      320cbfaa24aefd9e739ad48926f700ad689f39354a6f5268c14d2761d0486377

    • SHA512

      0b4267c8632615dad12064acfd86187dcd3ed5126464bb9c871c6915640ab771346b28753d7986b8adcba63453d15e3370a8cf3f6d0d1e5f233cf5aa1436d6a1

    • SSDEEP

      12288:pMr/y90DQQ11FxkVje5sEwjkjWW4VKRQ/LwwK66MOM:aysQQ11772n6WJVKRQTweOM

    Score
    10/10
    redlinemaxievasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks