Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8c98f298402345de6ea70fa12269eb67babe6dea25440a084b3b3d7c67afc36

  • Size

    865KB

  • Sample

    230608-gsar4ach23

  • MD5

    76980f5b517f1090ce297664ea0d7465

  • SHA1

    65a843106e4365b1321181258c5d4f7d34fef4dc

  • SHA256

    b8c98f298402345de6ea70fa12269eb67babe6dea25440a084b3b3d7c67afc36

  • SHA512

    413356310b088ab29f362887885f735b16cc7e405a8aa0d3d853f2d6e51c357fa68d91ff2da47bc9ed698bc105046631e7deabbb7b4353095ac173d9ff3038b5

  • SSDEEP

    12288:eMray90Yytl+T4gA7U/XtGLnyx4EQe3bcy74hpF57wg/my1hu8LiHrt:YyGl6A7U/Xq5EX3bHMfRwgO6/iLt

Score
10/10
redlinelupaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

lupa

C2

83.97.73.129:19068

Attributes
  • auth_value

    6a764aa41830c77712442516d143bc9c

Targets

    • Target

      b8c98f298402345de6ea70fa12269eb67babe6dea25440a084b3b3d7c67afc36

    • Size

      865KB

    • MD5

      76980f5b517f1090ce297664ea0d7465

    • SHA1

      65a843106e4365b1321181258c5d4f7d34fef4dc

    • SHA256

      b8c98f298402345de6ea70fa12269eb67babe6dea25440a084b3b3d7c67afc36

    • SHA512

      413356310b088ab29f362887885f735b16cc7e405a8aa0d3d853f2d6e51c357fa68d91ff2da47bc9ed698bc105046631e7deabbb7b4353095ac173d9ff3038b5

    • SSDEEP

      12288:eMray90Yytl+T4gA7U/XtGLnyx4EQe3bcy74hpF57wg/my1hu8LiHrt:YyGl6A7U/Xq5EX3bHMfRwgO6/iLt

    Score
    10/10
    redlinelupaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks