Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d5547b2813bccd816bc0ccb00564737a46407e34912105b2703e19390768887e

  • Size

    773KB

  • Sample

    230608-mm4qwaec76

  • MD5

    bdcc36ea3621040799270f47d16edf83

  • SHA1

    e2ba36a884c3490688928a0e156ba7a21f07e780

  • SHA256

    d5547b2813bccd816bc0ccb00564737a46407e34912105b2703e19390768887e

  • SHA512

    17a8a94f259d66999cd68c023af0a63219a1fffe0e1abc0d78c0d810fcd99778a43a214d5ce1d45fc2eb4cae6cd460b725dcc84f3d9487372871775928951d64

  • SSDEEP

    24576:RyIr4aRcI8iYlwngnKkB+j5+peiCafMlg:ES4st8hWM+j0peiCafMl

Score
10/10
redlinemaxievasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.129:19068

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      d5547b2813bccd816bc0ccb00564737a46407e34912105b2703e19390768887e

    • Size

      773KB

    • MD5

      bdcc36ea3621040799270f47d16edf83

    • SHA1

      e2ba36a884c3490688928a0e156ba7a21f07e780

    • SHA256

      d5547b2813bccd816bc0ccb00564737a46407e34912105b2703e19390768887e

    • SHA512

      17a8a94f259d66999cd68c023af0a63219a1fffe0e1abc0d78c0d810fcd99778a43a214d5ce1d45fc2eb4cae6cd460b725dcc84f3d9487372871775928951d64

    • SSDEEP

      24576:RyIr4aRcI8iYlwngnKkB+j5+peiCafMlg:ES4st8hWM+j0peiCafMl

    Score
    10/10
    redlinemaxievasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks