General

  • Target

    dc0aa103033d2ebea43863c76e9cfb645616affeb162db6cad1f78c922ad20c0

  • Size

    1.3MB

  • Sample

    231113-et59aaha8w

  • MD5

    bcb8a6dd0718c5b92fa8339f405e4321

  • SHA1

    800e0d7480311064c7135eb8e10b723afe2cfd0f

  • SHA256

    dc0aa103033d2ebea43863c76e9cfb645616affeb162db6cad1f78c922ad20c0

  • SHA512

    93802006f8c37787faa12f72014e5488afe44b5a0f58d46a21c0a0ff8b18cfaaae789f174c6f68ed7e9b7373611aba90719dbf9fb8927a893cf6b137cc050414

  • SSDEEP

    24576:1yvaK/7VVUuj24nraepIsqCgGe8/DMoUD/FM1/aCtcmrvg4MBQ6ka0A:Qv/Nq4ueSjxGb9UDNCcQjh

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Target

      dc0aa103033d2ebea43863c76e9cfb645616affeb162db6cad1f78c922ad20c0

    • Size

      1.3MB

    • MD5

      bcb8a6dd0718c5b92fa8339f405e4321

    • SHA1

      800e0d7480311064c7135eb8e10b723afe2cfd0f

    • SHA256

      dc0aa103033d2ebea43863c76e9cfb645616affeb162db6cad1f78c922ad20c0

    • SHA512

      93802006f8c37787faa12f72014e5488afe44b5a0f58d46a21c0a0ff8b18cfaaae789f174c6f68ed7e9b7373611aba90719dbf9fb8927a893cf6b137cc050414

    • SSDEEP

      24576:1yvaK/7VVUuj24nraepIsqCgGe8/DMoUD/FM1/aCtcmrvg4MBQ6ka0A:Qv/Nq4ueSjxGb9UDNCcQjh

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks