Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    79c4f2f2536f9c1b22a4abfe8d8ce14c35cfc6ecdf7c2113fd9b5f163fdb60fb

  • Size

    308KB

  • Sample

    230608-r15bsagb25

  • MD5

    5e7d5478670dd9951da9d56be9c3174a

  • SHA1

    1aae6890600860240fb7001241e1a0d08ec6ec5b

  • SHA256

    79c4f2f2536f9c1b22a4abfe8d8ce14c35cfc6ecdf7c2113fd9b5f163fdb60fb

  • SHA512

    eddc8210eb56cbe401e1badd152b2ee7b4f97740b85b302fc19cfed2349a5df9f650f33ad7dbcccd07255092ab8c3775daebcfe06cc95d4413ce3b7c5f7b776c

  • SSDEEP

    6144:VJieURFHj6XwvTygXUNVS4MGh1aBFrvz1xcxcVt7PN:VJIRxxyR1aBFrvz1xcxy7PN

Score
10/10
redlinesheroninfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes
  • auth_value

    2d067e7e2372227d3a03b335260112e9

Targets

    • Target

      79c4f2f2536f9c1b22a4abfe8d8ce14c35cfc6ecdf7c2113fd9b5f163fdb60fb

    • Size

      308KB

    • MD5

      5e7d5478670dd9951da9d56be9c3174a

    • SHA1

      1aae6890600860240fb7001241e1a0d08ec6ec5b

    • SHA256

      79c4f2f2536f9c1b22a4abfe8d8ce14c35cfc6ecdf7c2113fd9b5f163fdb60fb

    • SHA512

      eddc8210eb56cbe401e1badd152b2ee7b4f97740b85b302fc19cfed2349a5df9f650f33ad7dbcccd07255092ab8c3775daebcfe06cc95d4413ce3b7c5f7b776c

    • SSDEEP

      6144:VJieURFHj6XwvTygXUNVS4MGh1aBFrvz1xcxcVt7PN:VJIRxxyR1aBFrvz1xcxy7PN

    Score
    10/10
    redlinesheroninfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks