General

  • Target

    0ca575e39211427c848e869219effb21f3109b814e6f70a46b060be12b78fb16

  • Size

    663KB

  • Sample

    230912-lnpgxabd81

  • MD5

    178b3bb2e2ffef7e1450eac7a9792411

  • SHA1

    2022f97bb030e50eba5518e0abe20b1fe3e5e1a3

  • SHA256

    0ca575e39211427c848e869219effb21f3109b814e6f70a46b060be12b78fb16

  • SHA512

    f511dfec6d4f16334df23d0319b5ef9cff17a732e6a46628f49d9784d0babfde039e120b922c158d84b29725617e04b6f8da2d9a185a1e04e170c66154771425

  • SSDEEP

    12288:hMrwy90zqQI/KYE57nqm5FOJDWqh5d1aCjA8mC2dl5bDoetNKogM2:JykNI/KN5z1rONT3DUO2pbDoWNKfv

Malware Config

Extracted

  • Family

    redline

  • Botnet

    virad

  • C2

    77.91.124.82:19071

  • Attributes

    auth_value: 434dd63619ca8bbf10125913fb40ca28

Targets

    • Target

      0ca575e39211427c848e869219effb21f3109b814e6f70a46b060be12b78fb16

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Tasks