Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e3755876e0345e1ac9868b55f5d5b9c8d9657dffbb0cb24906e7383838f3b9f9

  • Size

    1.0MB

  • Sample

    230911-mzv99sfd7y

  • MD5

    158a94b9df586a41405a4cab2fda599d

  • SHA1

    5e1434b6bb686d6e8a17fa42d0d24c929ccca0f2

  • SHA256

    e3755876e0345e1ac9868b55f5d5b9c8d9657dffbb0cb24906e7383838f3b9f9

  • SHA512

    e62ef0835a562dbdec3d69a7270c3b73cafe2f9f2fde929ffc709857a598eb7be682f8d98c68ac35d52e5d46b7ecb292ad6ab42fd7444523cf01f16200bb42ee

  • SSDEEP

    24576:wlG6VugrdGAYF7AVkIk3TDcUprdIvd7xFNpoUmrDh:yugrdGAO7KkzXp8d7xFNpPGDh

Score
10/10
redlineamadey_apiinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

amadey_api

C2

amadapi.tuktuk.ug:11290

Attributes
  • auth_value

    a004bea47cf55a1c8841d46c3fe3e6f5

Targets

    • Target

      e3755876e0345e1ac9868b55f5d5b9c8d9657dffbb0cb24906e7383838f3b9f9

    • Size

      1.0MB

    • MD5

      158a94b9df586a41405a4cab2fda599d

    • SHA1

      5e1434b6bb686d6e8a17fa42d0d24c929ccca0f2

    • SHA256

      e3755876e0345e1ac9868b55f5d5b9c8d9657dffbb0cb24906e7383838f3b9f9

    • SHA512

      e62ef0835a562dbdec3d69a7270c3b73cafe2f9f2fde929ffc709857a598eb7be682f8d98c68ac35d52e5d46b7ecb292ad6ab42fd7444523cf01f16200bb42ee

    • SSDEEP

      24576:wlG6VugrdGAYF7AVkIk3TDcUprdIvd7xFNpoUmrDh:yugrdGAO7KkzXp8d7xFNpPGDh

    Score
    10/10
    redlineamadey_apiinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks