Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    26-09-2021 23:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55ba1a8dbb38cee7ae183649ff99dafe9babd3a33e2b4a0fcfb2b3e923f43251.exe

  • Size

    239KB

  • MD5

    e3acfa8c179f5d01e9ec0c8d76bca030

  • SHA1

    ef9648bb29f5fa8ecf5de0c202f2961d150f3a3d

  • SHA256

    55ba1a8dbb38cee7ae183649ff99dafe9babd3a33e2b4a0fcfb2b3e923f43251

  • SHA512

    139a5a94bd16cd33a1338e97739884b3fa0575f31efdcacbff1c939203660cd966fe82621855627bca43d368919589b8a0692cbc72602970acadab1875e719e5

Score
10/10
redlinepubdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

PUB

C2

45.9.20.20:13441

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55ba1a8dbb38cee7ae183649ff99dafe9babd3a33e2b4a0fcfb2b3e923f43251.exe
    "C:\Users\Admin\AppData\Local\Temp\55ba1a8dbb38cee7ae183649ff99dafe9babd3a33e2b4a0fcfb2b3e923f43251.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2160

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2160-116-0x0000000000400000-0x00000000004C3000-memory.dmp
    Filesize

    780KB

    Download
  • memory/2160-115-0x0000000000610000-0x000000000075A000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/2160-117-0x0000000004E00000-0x0000000004E01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-118-0x0000000002330000-0x000000000234F000-memory.dmp
    Filesize

    124KB

    Download
  • memory/2160-119-0x0000000004E10000-0x0000000004E11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-120-0x00000000024C0000-0x00000000024DE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/2160-121-0x0000000005310000-0x0000000005311000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-122-0x0000000002780000-0x0000000002781000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-123-0x0000000004CB0000-0x0000000004CB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-124-0x00000000028C0000-0x00000000028C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-125-0x0000000005920000-0x0000000005921000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-127-0x0000000004E03000-0x0000000004E04000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-126-0x0000000004E02000-0x0000000004E03000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-128-0x0000000004E04000-0x0000000004E06000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2160-129-0x0000000006AE0000-0x0000000006AE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-130-0x0000000006CB0000-0x0000000006CB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-131-0x00000000072D0000-0x00000000072D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-132-0x0000000007660000-0x0000000007661000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-133-0x0000000007760000-0x0000000007761000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-134-0x0000000007720000-0x0000000007721000-memory.dmp
    Filesize

    4KB

    Download