Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fcadc49c290e88f94067fcf0f27ac009532dc67cdf80783202e1757814068397

  • Size

    308KB

  • Sample

    230608-stg4cahb6y

  • MD5

    9225ad4681d505e7042f260aeeba8a0c

  • SHA1

    130e3e46b700798f519659c15006bab217030f42

  • SHA256

    fcadc49c290e88f94067fcf0f27ac009532dc67cdf80783202e1757814068397

  • SHA512

    43cd674c9a59b7e12d4ac01e15d80e16da5c422b7ef75e6f8fcb2ddfa475760b9eaa052cfc181c72cd73ca70bbf4096af5c63c95903d8123bacafd478a7065c9

  • SSDEEP

    6144:AJie0RFHWXwvTygXUNVS4MGh1aBFrvz1xcxcVtf0P:AJoRXyR1aBFrvz1xcxycP

Score
10/10
redlinesheroninfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes
  • auth_value

    2d067e7e2372227d3a03b335260112e9

Targets

    • Target

      fcadc49c290e88f94067fcf0f27ac009532dc67cdf80783202e1757814068397

    • Size

      308KB

    • MD5

      9225ad4681d505e7042f260aeeba8a0c

    • SHA1

      130e3e46b700798f519659c15006bab217030f42

    • SHA256

      fcadc49c290e88f94067fcf0f27ac009532dc67cdf80783202e1757814068397

    • SHA512

      43cd674c9a59b7e12d4ac01e15d80e16da5c422b7ef75e6f8fcb2ddfa475760b9eaa052cfc181c72cd73ca70bbf4096af5c63c95903d8123bacafd478a7065c9

    • SSDEEP

      6144:AJie0RFHWXwvTygXUNVS4MGh1aBFrvz1xcxcVtf0P:AJoRXyR1aBFrvz1xcxycP

    Score
    10/10
    redlinesheroninfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks