Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    8ed9cb4ffd0d99615a2f6c840a1d324ebd590b710de9620730622cff6fe5c464

  • Size

    282KB

  • Sample

    230608-frtcdach61

  • MD5

    f20762c0377db6ca25f81e8ce6baae8a

  • SHA1

    4bb45f93b66611f467b47b70d11580ab72648079

  • SHA256

    8ed9cb4ffd0d99615a2f6c840a1d324ebd590b710de9620730622cff6fe5c464

  • SHA512

    e3a8c9c71dbd33be9351c01577fdc79edcdb9561ef46b976d3144749cbe1d3efc35d62942e42e9a6a7fc031308d66eea2f77122faf35e5da7786df653a9fc4f7

  • SSDEEP

    6144:2QvoWvJ1DapwvTygXUNVS4MGh1aBFrvz1xcxcWhgrt:2UPTyR1aBFrvz1xcxdgrt

Score
10/10
redlinesheroninfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes
  • auth_value

    2d067e7e2372227d3a03b335260112e9

Targets

    • Target

      8ed9cb4ffd0d99615a2f6c840a1d324ebd590b710de9620730622cff6fe5c464

    • Size

      282KB

    • MD5

      f20762c0377db6ca25f81e8ce6baae8a

    • SHA1

      4bb45f93b66611f467b47b70d11580ab72648079

    • SHA256

      8ed9cb4ffd0d99615a2f6c840a1d324ebd590b710de9620730622cff6fe5c464

    • SHA512

      e3a8c9c71dbd33be9351c01577fdc79edcdb9561ef46b976d3144749cbe1d3efc35d62942e42e9a6a7fc031308d66eea2f77122faf35e5da7786df653a9fc4f7

    • SSDEEP

      6144:2QvoWvJ1DapwvTygXUNVS4MGh1aBFrvz1xcxcWhgrt:2UPTyR1aBFrvz1xcxdgrt

    Score
    10/10
    redlinesheroninfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks