Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    80s
  • max time network
    118s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    09-10-2021 07:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02699d82bbb4b85d9785a6cd83fd639382ffb848d2a4abcadf503a5b766c5af6.exe

  • Size

    262KB

  • MD5

    2de272153c37cee822122eec4ad0169d

  • SHA1

    ab981e60474d8315283d605cfbc337b687fd33d5

  • SHA256

    02699d82bbb4b85d9785a6cd83fd639382ffb848d2a4abcadf503a5b766c5af6

  • SHA512

    3c7ad685bf139b28fade2044414fc00aef589817b649ffd00f1f0c5cfbc8a934a2a353a3e06ac412ce0e489be0a7d16b079753ba19cba65ffc2c4f78a25522e1

Score
10/10
redlinez0rm1ondiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

z0rm1on

C2

185.215.113.94:54621

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02699d82bbb4b85d9785a6cd83fd639382ffb848d2a4abcadf503a5b766c5af6.exe
    "C:\Users\Admin\AppData\Local\Temp\02699d82bbb4b85d9785a6cd83fd639382ffb848d2a4abcadf503a5b766c5af6.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2180

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2180-115-0x0000000000900000-0x0000000000901000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-117-0x0000000005310000-0x0000000005311000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-118-0x00000000051F0000-0x00000000051F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-119-0x0000000005EF0000-0x0000000005F13000-memory.dmp
    Filesize

    140KB

    Download
  • memory/2180-120-0x0000000005F20000-0x0000000005F3C000-memory.dmp
    Filesize

    112KB

    Download
  • memory/2180-121-0x0000000006550000-0x0000000006551000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-122-0x0000000005FE0000-0x0000000005FE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-123-0x0000000006110000-0x0000000006111000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-124-0x0000000006040000-0x0000000006041000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-125-0x0000000006080000-0x0000000006081000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-126-0x0000000006D30000-0x0000000006D31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-127-0x0000000007430000-0x0000000007431000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-128-0x0000000007960000-0x0000000007961000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-129-0x0000000006BD0000-0x0000000006BD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-130-0x0000000007100000-0x0000000007101000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-131-0x0000000007220000-0x0000000007221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-132-0x00000000071A0000-0x00000000071A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2180-133-0x0000000007380000-0x0000000007381000-memory.dmp
    Filesize

    4KB

    Download