Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    101s
  • max time network
    114s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    14-09-2021 06:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6a6c9978ed365583d452a7ae13b2ad992bf61093dbe249a5ddbb35d75b2433f.exe

  • Size

    371KB

  • MD5

    9d8123347e8a40e913eaafe295420fbe

  • SHA1

    27135c12b82757683393d09d6a9555d12c1421f8

  • SHA256

    b6a6c9978ed365583d452a7ae13b2ad992bf61093dbe249a5ddbb35d75b2433f

  • SHA512

    0f4b5d71568125bae3102d63eeb701b8e7d15ae315f07b970ecc9cd9a0d61945ed1241e56f171b573447aa24125170712221af65ed904f7ab42e9b8116adcdb4

Score
10/10
redline10fkdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

10fk

C2

185.45.192.203:80

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6a6c9978ed365583d452a7ae13b2ad992bf61093dbe249a5ddbb35d75b2433f.exe
    "C:\Users\Admin\AppData\Local\Temp\b6a6c9978ed365583d452a7ae13b2ad992bf61093dbe249a5ddbb35d75b2433f.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4800

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4800-114-0x0000000001930000-0x0000000001960000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4800-115-0x0000000000400000-0x0000000001794000-memory.dmp
    Filesize

    19.6MB

    Download
  • memory/4800-116-0x0000000003690000-0x00000000036AF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/4800-117-0x0000000006100000-0x0000000006101000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-118-0x0000000006110000-0x0000000006111000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-119-0x0000000003870000-0x000000000388E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/4800-120-0x0000000006610000-0x0000000006611000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-121-0x0000000006102000-0x0000000006103000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-122-0x0000000006103000-0x0000000006104000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-123-0x0000000003B10000-0x0000000003B11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-124-0x0000000005F10000-0x0000000005F11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-125-0x0000000006020000-0x0000000006021000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-126-0x0000000006104000-0x0000000006106000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4800-127-0x0000000006070000-0x0000000006071000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-128-0x0000000007DB0000-0x0000000007DB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-129-0x0000000007F80000-0x0000000007F81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-130-0x00000000085A0000-0x00000000085A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-131-0x0000000008890000-0x0000000008891000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-132-0x0000000008980000-0x0000000008981000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-133-0x0000000008A60000-0x0000000008A61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4800-134-0x00000000098C0000-0x00000000098C1000-memory.dmp
    Filesize

    4KB

    Download