General

  • Target

    ff641195ccddddfea2dd81964df3da475939123ae9c4717fabdc768e641de096

  • Size

    658KB

  • Sample

    230912-l7dvhseb98

  • MD5

    2054391dff429e9fc3972b14e99b4d73

  • SHA1

    cd4e8c2d0573985fc4e0e33a5ecce53732473944

  • SHA256

    ff641195ccddddfea2dd81964df3da475939123ae9c4717fabdc768e641de096

  • SHA512

    c646a86c2cbdb84ead0e7cb7c69d11825381685239bd67bd2bb526813a5607d04135f7c1ee8f4b32e85096f85d0d2de6953fa1cb0b0b272c5abb742b0c1180e6

  • SSDEEP

    12288:iMr6y90ZmNaRNBpnrpKi8zB04zZP4ylH/bLrOC5ZwA+UaDCLIoza:8yimevnr+ze+5lH/DOC52VjDCLRa

Malware Config

Extracted

  • Family

    redline

  • Botnet

    virad

  • C2

    77.91.124.82:19071

  • Attributes

    auth_value: 434dd63619ca8bbf10125913fb40ca28

Targets

    • Target

      ff641195ccddddfea2dd81964df3da475939123ae9c4717fabdc768e641de096

    • Size

      658KB

    • MD5

      2054391dff429e9fc3972b14e99b4d73

    • SHA1

      cd4e8c2d0573985fc4e0e33a5ecce53732473944

    • SHA256

      ff641195ccddddfea2dd81964df3da475939123ae9c4717fabdc768e641de096

    • SHA512

      c646a86c2cbdb84ead0e7cb7c69d11825381685239bd67bd2bb526813a5607d04135f7c1ee8f4b32e85096f85d0d2de6953fa1cb0b0b272c5abb742b0c1180e6

    • SSDEEP

      12288:iMr6y90ZmNaRNBpnrpKi8zB04zZP4ylH/bLrOC5ZwA+UaDCLIoza:8yimevnr+ze+5lH/DOC52VjDCLRa

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks