Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    65ba8ecad6bfd7e358ab6ea6890cf929c6e5d9656da2548006bc79a9a374f00b

  • Size

    581KB

  • Sample

    230605-gpab6aff2z

  • MD5

    c1e47cbba1766521eb46cfadac0f2f43

  • SHA1

    69c59918818d333408890b3bffc8f42aa45afbba

  • SHA256

    65ba8ecad6bfd7e358ab6ea6890cf929c6e5d9656da2548006bc79a9a374f00b

  • SHA512

    93cb870609b31e8b5d82f28c878224f745360982c82a2823e8164536f4c6ea189fddffefcab72318fb18e24346d29fa8c00397c1f18f67a63a17a27276fc1de7

  • SSDEEP

    12288:xMrzy90ajANF2uMdTeK78XW72CN9oMlVNzLgj2lBNih:Kyv+0FXHj/ZgCM

Score
10/10
redlinemaxievasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19046

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      65ba8ecad6bfd7e358ab6ea6890cf929c6e5d9656da2548006bc79a9a374f00b

    • Size

      581KB

    • MD5

      c1e47cbba1766521eb46cfadac0f2f43

    • SHA1

      69c59918818d333408890b3bffc8f42aa45afbba

    • SHA256

      65ba8ecad6bfd7e358ab6ea6890cf929c6e5d9656da2548006bc79a9a374f00b

    • SHA512

      93cb870609b31e8b5d82f28c878224f745360982c82a2823e8164536f4c6ea189fddffefcab72318fb18e24346d29fa8c00397c1f18f67a63a17a27276fc1de7

    • SSDEEP

      12288:xMrzy90ajANF2uMdTeK78XW72CN9oMlVNzLgj2lBNih:Kyv+0FXHj/ZgCM

    Score
    10/10
    redlinemaxievasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks