Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    694c63687361528f58c4fd4aa924272185654452b150277379c3196495b7f600

  • Size

    768KB

  • Sample

    230912-lgwbwaea53

  • MD5

    fde8ff5bee6f980f83a7ea022f65961f

  • SHA1

    4533878a3423be7526abd9cb1c41fcf405cf35b3

  • SHA256

    694c63687361528f58c4fd4aa924272185654452b150277379c3196495b7f600

  • SHA512

    1523c4c853cf09ef1600f88dcb9f078c5abec163627bea28c21118b642985f927a18def2c009045cdeafde8edf908b63ae0dc542704bea0bf8f9c89578e3dd9e

  • SSDEEP

    12288:3Mr3y90DzzSU6F1PzZDUWWXB4mXqq0salOwaFiIE2G7N/o78GU/5EF0wlNQ:IyEiVF1PzJWRH+aFe7N/08GUREFFC

Score
10/10
healerredlineviraddropperinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes
  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Targets

    • Target

      694c63687361528f58c4fd4aa924272185654452b150277379c3196495b7f600

    • Size

      768KB

    • MD5

      fde8ff5bee6f980f83a7ea022f65961f

    • SHA1

      4533878a3423be7526abd9cb1c41fcf405cf35b3

    • SHA256

      694c63687361528f58c4fd4aa924272185654452b150277379c3196495b7f600

    • SHA512

      1523c4c853cf09ef1600f88dcb9f078c5abec163627bea28c21118b642985f927a18def2c009045cdeafde8edf908b63ae0dc542704bea0bf8f9c89578e3dd9e

    • SSDEEP

      12288:3Mr3y90DzzSU6F1PzZDUWWXB4mXqq0salOwaFiIE2G7N/o78GU/5EF0wlNQ:IyEiVF1PzJWRH+aFe7N/08GUREFFC

    Score
    10/10
    healerredlineviraddropperinfostealerpersistence

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks