General

  • Target

    fbf290cffa96796204e7af848bf7af7b645594b9aa696376db2a5b5dc44e727e

  • Size

    1MB

  • Sample

    231121-ddhbvabg27

  • MD5

    6d6b06cb954989005ad0d76d79e48107

  • SHA1

    b22f2aa831e25c9b1cab12ef964ec6d9244ebb2f

  • SHA256

    fbf290cffa96796204e7af848bf7af7b645594b9aa696376db2a5b5dc44e727e

  • SHA512

    23bc35ebc6bd58ee47eebec6f728a574f9bbb8d4aa14eb581954212e77fb7c987b492f7702bd47fc0f73a67446ac914aec01916c267cd617bb57adbf0a4c5022

  • SSDEEP

    24576:PySanbBJIQE3jEwJgwqqYFsY8iRPXSyEOqEQO1KHhDGTvCZi6:aSanbBlEkqYciRMd8AZGTaZ

Malware Config

  • Extracted

    Family: redline
    Botnet: horda
    C2: 194.49.94.152:19053

  • Extracted

    Family: risepro
    C2: 194.49.94.152

Targets

    • Target

      fbf290cffa96796204e7af848bf7af7b645594b9aa696376db2a5b5dc44e727e

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                            ID         Count
  --------------------  -----------------------------------  ---------  -----
  Execution             Scheduled Task/Job                   T1053      1
  Persistence           Boot or Logon Autostart Execution    T1547      1
  Persistence           Registry Run Keys / Startup Folder   T1547.001  1
  Persistence           Scheduled Task/Job                   T1053      1
  Privilege Escalation  Boot or Logon Autostart Execution    T1547      1
  Privilege Escalation  Registry Run Keys / Startup Folder   T1547.001  1
  Privilege Escalation  Scheduled Task/Job                   T1053      1
  Defense Evasion       Modify Registry                      T1112      1
  Discovery             System Information Discovery         T1082      1