Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3a4eea2f85cbd5b3e64f300995cd73fe49c8f87ebd04390f9e7bfd255e530208

  • Size

    734KB

  • Sample

    230605-yw56vabb9z

  • MD5

    9a6580b46ca50ce4131cb918ac997add

  • SHA1

    5e5ce44dfa36452470e70550d7236c7f099fd8c4

  • SHA256

    3a4eea2f85cbd5b3e64f300995cd73fe49c8f87ebd04390f9e7bfd255e530208

  • SHA512

    4741fef9ce323bb08cb469a8f07f3e883173a44ce88c96021668e491b919743aabf4022d65aa95ffbb081729ab1df5b280b618981b6e9e307ddd466343db26b6

  • SSDEEP

    12288:AMryy90/R5FGwpJwfk49FrWMal5ZaWPMYdjX3A9FB6R5EbVFMrLXnPqz6WMJ8am4:iyM8gwfr9JilyWP5XQFkARFMHPqvMJ8O

Score
10/10
redlinemaxievasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19048

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      3a4eea2f85cbd5b3e64f300995cd73fe49c8f87ebd04390f9e7bfd255e530208

    • Size

      734KB

    • MD5

      9a6580b46ca50ce4131cb918ac997add

    • SHA1

      5e5ce44dfa36452470e70550d7236c7f099fd8c4

    • SHA256

      3a4eea2f85cbd5b3e64f300995cd73fe49c8f87ebd04390f9e7bfd255e530208

    • SHA512

      4741fef9ce323bb08cb469a8f07f3e883173a44ce88c96021668e491b919743aabf4022d65aa95ffbb081729ab1df5b280b618981b6e9e307ddd466343db26b6

    • SSDEEP

      12288:AMryy90/R5FGwpJwfk49FrWMal5ZaWPMYdjX3A9FB6R5EbVFMrLXnPqz6WMJ8am4:iyM8gwfr9JilyWP5XQFkARFMHPqvMJ8O

    Score
    10/10
    redlinemaxievasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks