General

  • Target

    c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5

  • Size

    769KB

  • Sample

    230912-m1hqkaed78

  • MD5

    baac7bc6698e5bee7dbc5d0cfb419149

  • SHA1

    0048b2f882271bec2a2f51b00969e3d13dfb79f8

  • SHA256

    c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5

  • SHA512

    a5ffaea9abcf9c37627d47af6ed1b1c393d0cddb3b83be89dc6ddca68bbdf91a4d2696982a36a48b4a6d7d7e4afdfaa6b1f576c80ad42ef91bf4993d566931a9

  • SSDEEP

    12288:hMrdy908L4Mvc62NQ1uZ1joZoIvpR1pTvZFE+fqct0Rn5X6r9v+N3SdDaNGJ:kyN4CciuZhoZrvrBy2qctcRM0CdoGJ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    lada

  • C2

    77.91.124.82:19071

  • Attributes

    auth_value: 252f78fed0684205b098417688fa33e2

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1543 Create or Modify System Process (1)
      T1543.003 Windows Service (1)
    T1547 Boot or Logon Autostart Execution (1)
      T1547.001 Registry Run Keys / Startup Folder (1)

  • Privilege Escalation

    T1543 Create or Modify System Process (1)
      T1543.003 Windows Service (1)
    T1547 Boot or Logon Autostart Execution (1)
      T1547.001 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1112 Modify Registry (2)
    T1562 Impair Defenses (1)
      T1562.001 Disable or Modify Tools (1)