Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    88s
  • max time network
    91s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    26-09-2021 18:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e29eb966532c84199385d0e16c3c293267b1cd3f29d70b16bf7f3192089b0e1.exe

  • Size

    238KB

  • MD5

    18b7b8fc428c28bc545674bb1e7bae25

  • SHA1

    f67472149291f1b551fdbbef82cd9c3870e570bf

  • SHA256

    6e29eb966532c84199385d0e16c3c293267b1cd3f29d70b16bf7f3192089b0e1

  • SHA512

    9000b06536a69e5bfc3ce525a0069b8d2b2363a2122b51dee6bdd02691f139306677d7090bd8f63682dc0cf44dcefa816d4ddae28e1e5ba956dcfe79dad0c489

Score
10/10
redlineutsdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

UTS

C2

45.9.20.20:13441

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e29eb966532c84199385d0e16c3c293267b1cd3f29d70b16bf7f3192089b0e1.exe
    "C:\Users\Admin\AppData\Local\Temp\6e29eb966532c84199385d0e16c3c293267b1cd3f29d70b16bf7f3192089b0e1.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3492

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3492-114-0x0000000000800000-0x0000000000830000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3492-115-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/3492-116-0x00000000022C0000-0x00000000022DF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3492-118-0x0000000004D22000-0x0000000004D23000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-117-0x0000000004D20000-0x0000000004D21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-119-0x0000000004D23000-0x0000000004D24000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-120-0x0000000004D30000-0x0000000004D31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-121-0x00000000025C0000-0x00000000025DE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3492-122-0x0000000005230000-0x0000000005231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-123-0x0000000002680000-0x0000000002681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-124-0x0000000005840000-0x0000000005841000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-125-0x0000000004C20000-0x0000000004C21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-126-0x0000000004D24000-0x0000000004D26000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3492-127-0x0000000004C90000-0x0000000004C91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-128-0x0000000006AE0000-0x0000000006AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-129-0x0000000006CB0000-0x0000000006CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-130-0x00000000072D0000-0x00000000072D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-131-0x00000000073F0000-0x00000000073F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-132-0x0000000005F50000-0x0000000005F51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3492-133-0x00000000075C0000-0x00000000075C1000-memory.dmp

    Filesize

    4KB

    Download