Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    86s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    26-09-2021 23:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a37472da0078857b95005fa34536d59f814c51ccca2bbbe2d00f33918bed187.exe

  • Size

    240KB

  • MD5

    79dd4807c1ea556e971485411ded02c4

  • SHA1

    1c39048c99f4b970a7d03da25a8421c511fae136

  • SHA256

    9a37472da0078857b95005fa34536d59f814c51ccca2bbbe2d00f33918bed187

  • SHA512

    b24f1a2716264f9f906db114914f9c0c2a969af4481516aa3ae0d141a52a142fc4376edb7c530d375780803c3b4e25e3ec7bc83095042d1e181a1bf558cfc126

Score
10/10
redlineudpdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.20:13441

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a37472da0078857b95005fa34536d59f814c51ccca2bbbe2d00f33918bed187.exe
    "C:\Users\Admin\AppData\Local\Temp\9a37472da0078857b95005fa34536d59f814c51ccca2bbbe2d00f33918bed187.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3704

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3704-115-0x00000000021E0000-0x0000000002210000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3704-116-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

    Download

  • memory/3704-117-0x0000000002360000-0x000000000237F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3704-118-0x0000000004CE0000-0x0000000004CE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-119-0x00000000026A0000-0x00000000026BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3704-120-0x00000000051E0000-0x00000000051E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-121-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-122-0x00000000057F0000-0x00000000057F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-123-0x0000000004C10000-0x0000000004C11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-126-0x0000000004CD3000-0x0000000004CD4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-125-0x0000000004CD2000-0x0000000004CD3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-124-0x0000000004CD0000-0x0000000004CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-127-0x0000000004CD4000-0x0000000004CD6000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3704-128-0x0000000005900000-0x0000000005901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-129-0x0000000006AE0000-0x0000000006AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-130-0x0000000006CB0000-0x0000000006CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-131-0x00000000072D0000-0x00000000072D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-132-0x00000000073A0000-0x00000000073A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-133-0x00000000075C0000-0x00000000075C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3704-134-0x0000000007630000-0x0000000007631000-memory.dmp

    Filesize

    4KB

    Download