Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1a42e41db15284bb3e32ccc4def43d4e65b890686a097df8766678df3077aaee

  • Size

    1.3MB

  • Sample

    231112-vz2q2shd8v

  • MD5

    120de1f1df001496d871436417c53a55

  • SHA1

    d15ba5c8673d894165ca466631b9150b481ae2fa

  • SHA256

    1a42e41db15284bb3e32ccc4def43d4e65b890686a097df8766678df3077aaee

  • SHA512

    5ea37d3a76bf2676400c9af7d63091b680d668f53fd2539e9c66d165a770a3374ba4181145fbc0a2c0c1704902a14bf4d9b55999c991df34b7eb742fede8edf6

  • SSDEEP

    24576:mEyGz/K8yi3/DaeOIsQCmGjiYDVA1wKap0RQwdft4Bzpuf:AGWi+eN7TGx8abKft43

Score
10/10
mysticredlinetaigapaypalinfostealerpersistencephishingspywarestealer

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      1a42e41db15284bb3e32ccc4def43d4e65b890686a097df8766678df3077aaee

    • Size

      1.3MB

    • MD5

      120de1f1df001496d871436417c53a55

    • SHA1

      d15ba5c8673d894165ca466631b9150b481ae2fa

    • SHA256

      1a42e41db15284bb3e32ccc4def43d4e65b890686a097df8766678df3077aaee

    • SHA512

      5ea37d3a76bf2676400c9af7d63091b680d668f53fd2539e9c66d165a770a3374ba4181145fbc0a2c0c1704902a14bf4d9b55999c991df34b7eb742fede8edf6

    • SSDEEP

      24576:mEyGz/K8yi3/DaeOIsQCmGjiYDVA1wKap0RQwdft4Bzpuf:AGWi+eN7TGx8abKft43

    Score
    10/10
    mysticredlinetaigapaypalinfostealerpersistencephishingspywarestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

      phishingpaypal

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks