General

  • Target

    31dbef5b174d7e65300179388af5fc81203540a983d96375ae2a46ec91ca8858

  • Size

    662KB

  • Sample

    230912-l1p9zabe9s

  • MD5

    5eb9c38e6f6047b06d0f2d15713261d7

  • SHA1

    f9e6fc8616519a21d617b8a8fe4c201aaa41e855

  • SHA256

    31dbef5b174d7e65300179388af5fc81203540a983d96375ae2a46ec91ca8858

  • SHA512

    0c5fd3ea381669370f1459327e446d541a442d494acd2cb877aa9a2d961a7bad568c1b9e11127b232480b62557cef50aca7d91045e961811ec0e3af1c0de2dee

  • SSDEEP

    12288:aMrUy90UAe9QB+ivK+T9BTWO4l4b2NGy+yrfRC7mUmevXIiTrT0t9upAj:6yvA4VULb4l9r+yr5KmUHvXTTrT03aQ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    virad

  • C2

    77.91.124.82:19071

  • Attributes

    auth_value: 434dd63619ca8bbf10125913fb40ca28

Targets

    • Target

      31dbef5b174d7e65300179388af5fc81203540a983d96375ae2a46ec91ca8858

    • Size

      662KB

    • MD5

      5eb9c38e6f6047b06d0f2d15713261d7

    • SHA1

      f9e6fc8616519a21d617b8a8fe4c201aaa41e855

    • SHA256

      31dbef5b174d7e65300179388af5fc81203540a983d96375ae2a46ec91ca8858

    • SHA512

      0c5fd3ea381669370f1459327e446d541a442d494acd2cb877aa9a2d961a7bad568c1b9e11127b232480b62557cef50aca7d91045e961811ec0e3af1c0de2dee

    • SSDEEP

      12288:aMrUy90UAe9QB+ivK+T9BTWO4l4b2NGy+yrfRC7mUmevXIiTrT0t9upAj:6yvA4VULb4l9r+yr5KmUHvXTTrT03aQ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Tasks