Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c25f24d0bbae35948d3238f633fc38f6e1e89b31b8a8263f29a055562d373464

  • Size

    282KB

  • Sample

    230608-dz113sbe68

  • MD5

    529bec69258dbe2ae57e35e0bc277588

  • SHA1

    8e9ac4590dfbfbc09f550f4a5502f794d399c6ef

  • SHA256

    c25f24d0bbae35948d3238f633fc38f6e1e89b31b8a8263f29a055562d373464

  • SHA512

    1219db4d08fb63223f1b413d8b21d37b0e10f1bdc2b79bd0d09251d822fe43f1d64bbf017eabf86421380c6601a2f794e66c9e97c8eeaef81dfc239535752785

  • SSDEEP

    6144:fQvoWvJlmGrwvTygXUNVS4MGh1aBFrvz1xcxcWhYrt:fU2pyR1aBFrvz1xcxdYrt

Score
10/10
redlinesheroninfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes
  • auth_value

    2d067e7e2372227d3a03b335260112e9

Targets

    • Target

      c25f24d0bbae35948d3238f633fc38f6e1e89b31b8a8263f29a055562d373464

    • Size

      282KB

    • MD5

      529bec69258dbe2ae57e35e0bc277588

    • SHA1

      8e9ac4590dfbfbc09f550f4a5502f794d399c6ef

    • SHA256

      c25f24d0bbae35948d3238f633fc38f6e1e89b31b8a8263f29a055562d373464

    • SHA512

      1219db4d08fb63223f1b413d8b21d37b0e10f1bdc2b79bd0d09251d822fe43f1d64bbf017eabf86421380c6601a2f794e66c9e97c8eeaef81dfc239535752785

    • SSDEEP

      6144:fQvoWvJlmGrwvTygXUNVS4MGh1aBFrvz1xcxcWhYrt:fU2pyR1aBFrvz1xcxdYrt

    Score
    10/10
    redlinesheroninfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks