Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    556c414155d46a553ffbc3112bc52c6998dbf3739d099051b38106010b1f93f5

  • Size

    282KB

  • Sample

    230608-a8yersae3t

  • MD5

    c1ab0f62e6604e318408f16756d4bdfc

  • SHA1

    88ca55dc563c29b0ca40020b09e9262d7018815d

  • SHA256

    556c414155d46a553ffbc3112bc52c6998dbf3739d099051b38106010b1f93f5

  • SHA512

    81b95e8881a2f3dad67fafa5d69f888a949f8dcd6d77c157cae3b24b49c9da84e614a501c3bf23f0bdcf8cef5b95a2c7346bb7046c7e0b3708a756c48e1439fa

  • SSDEEP

    6144:4QvoWvJuXZpxwvTygXUNVS4MGh1aBFrvz1xcxcWhirt:4UcJEyR1aBFrvz1xcxdirt

Score
10/10
redlinesheroninfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes
  • auth_value

    2d067e7e2372227d3a03b335260112e9

Targets

    • Target

      556c414155d46a553ffbc3112bc52c6998dbf3739d099051b38106010b1f93f5

    • Size

      282KB

    • MD5

      c1ab0f62e6604e318408f16756d4bdfc

    • SHA1

      88ca55dc563c29b0ca40020b09e9262d7018815d

    • SHA256

      556c414155d46a553ffbc3112bc52c6998dbf3739d099051b38106010b1f93f5

    • SHA512

      81b95e8881a2f3dad67fafa5d69f888a949f8dcd6d77c157cae3b24b49c9da84e614a501c3bf23f0bdcf8cef5b95a2c7346bb7046c7e0b3708a756c48e1439fa

    • SSDEEP

      6144:4QvoWvJuXZpxwvTygXUNVS4MGh1aBFrvz1xcxcWhirt:4UcJEyR1aBFrvz1xcxdirt

    Score
    10/10
    redlinesheroninfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks