Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    d8a860b47c297d054a41adc27b659088aac19c0ccf0f5f56755810cd005b70a0

  • Size

    584KB

  • Sample

    230605-ynry9aae38

  • MD5

    0f7cbdb1c7395b351099360a89410cef

  • SHA1

    0e5776633ee0d36d1b839145a53b2637c64be181

  • SHA256

    d8a860b47c297d054a41adc27b659088aac19c0ccf0f5f56755810cd005b70a0

  • SHA512

    f6d640e7ecdc7b5bc089c2e6be1045d2562627d80a0fdd152697a59935e2295f220abc358dcd815407e9c4b059c037e075695992cdfbbd5b77ef2cdaf1f9f0c3

  • SSDEEP

    12288:HMrSy90c/KcfqvBUG7EzzuT7uxe6VKUk+4pdG:Vyj8yCuIuzB

Score
10/10
redlinedizaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      d8a860b47c297d054a41adc27b659088aac19c0ccf0f5f56755810cd005b70a0

    • Size

      584KB

    • MD5

      0f7cbdb1c7395b351099360a89410cef

    • SHA1

      0e5776633ee0d36d1b839145a53b2637c64be181

    • SHA256

      d8a860b47c297d054a41adc27b659088aac19c0ccf0f5f56755810cd005b70a0

    • SHA512

      f6d640e7ecdc7b5bc089c2e6be1045d2562627d80a0fdd152697a59935e2295f220abc358dcd815407e9c4b059c037e075695992cdfbbd5b77ef2cdaf1f9f0c3

    • SSDEEP

      12288:HMrSy90c/KcfqvBUG7EzzuT7uxe6VKUk+4pdG:Vyj8yCuIuzB

    Score
    10/10
    redlinedizaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks