Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9b1569eac6f413200d97c3f56625ee3a3de4a0d30e6bd322ea1dea7fa2067da6

  • Size

    736KB

  • Sample

    230605-z756naah53

  • MD5

    97cbd866913097c68d121dc939652d4e

  • SHA1

    4398879bf06b91351a09690ed7f92ff1d374ee50

  • SHA256

    9b1569eac6f413200d97c3f56625ee3a3de4a0d30e6bd322ea1dea7fa2067da6

  • SHA512

    448bc2f38d8f91e0bb7cab58661895bafc71563ef5586f3a2a09909d95e1dafbc0ba73581382ef28acbc1449b6de7204b54193ba3d7292b7d1b9eb0ce3f736af

  • SSDEEP

    12288:rMrdy907QXzRJ3CPsBO89H4ytfvhthxoEzgbow1nx9ecc7k:SyHPksBOUH4yiEVwX9+7k

Score
10/10
redlinemaxievasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19048

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      9b1569eac6f413200d97c3f56625ee3a3de4a0d30e6bd322ea1dea7fa2067da6

    • Size

      736KB

    • MD5

      97cbd866913097c68d121dc939652d4e

    • SHA1

      4398879bf06b91351a09690ed7f92ff1d374ee50

    • SHA256

      9b1569eac6f413200d97c3f56625ee3a3de4a0d30e6bd322ea1dea7fa2067da6

    • SHA512

      448bc2f38d8f91e0bb7cab58661895bafc71563ef5586f3a2a09909d95e1dafbc0ba73581382ef28acbc1449b6de7204b54193ba3d7292b7d1b9eb0ce3f736af

    • SSDEEP

      12288:rMrdy907QXzRJ3CPsBO89H4ytfvhthxoEzgbow1nx9ecc7k:SyHPksBOUH4yiEVwX9+7k

    Score
    10/10
    redlinemaxievasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks