Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    25s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    25-07-2021 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f6bd429f0a5f2762658f181a8654016b1599edd08242f8b90689e47652ba6e5.exe

  • Size

    386KB

  • MD5

    2322804b8d184e80d018766484fe325a

  • SHA1

    737e5cfc3472026d0d37edc07c66e3e35290fa22

  • SHA256

    1f6bd429f0a5f2762658f181a8654016b1599edd08242f8b90689e47652ba6e5

  • SHA512

    95071c1968f855665d89f419d47e3931393d3deebe66212cee6f2f9cbb9cd73b6e190246af5f4296779347497e8544b63cf48be52e8cab03d57e1ab3f883a6d8

Score
10/10
redlinesewpalpadindiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

SewPalpadin

C2

185.215.113.114:8887

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f6bd429f0a5f2762658f181a8654016b1599edd08242f8b90689e47652ba6e5.exe
    "C:\Users\Admin\AppData\Local\Temp\1f6bd429f0a5f2762658f181a8654016b1599edd08242f8b90689e47652ba6e5.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3492

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3492-114-0x00000000021B0000-0x00000000021DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3492-115-0x0000000000400000-0x000000000047C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/3492-116-0x0000000002290000-0x00000000022AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3492-117-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-118-0x0000000004AF0000-0x0000000004B09000-memory.dmp

    Filesize

    100KB

    Download

  • memory/3492-119-0x00000000051A0000-0x00000000051A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-121-0x0000000004C92000-0x0000000004C93000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-120-0x0000000004C90000-0x0000000004C91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-122-0x0000000004C93000-0x0000000004C94000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-123-0x0000000004BA0000-0x0000000004BA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-124-0x0000000004BC0000-0x0000000004BC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-125-0x0000000004C20000-0x0000000004C21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-126-0x0000000004C94000-0x0000000004C96000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3492-127-0x00000000058D0000-0x00000000058D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-128-0x00000000065B0000-0x00000000065B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-129-0x0000000006780000-0x0000000006781000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-130-0x0000000006DE0000-0x0000000006DE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-131-0x0000000007120000-0x0000000007121000-memory.dmp

    Filesize

    4KB

    Download