Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    136s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    15-10-2021 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    19104a9ebcb0d9a8e46f69ada3aca1595b8636a511fc9d3a163773c867eb3a27.exe

  • Size

    369KB

  • MD5

    76bcbce053176aff99e3e1a58ad0aa2f

  • SHA1

    6c646c59f5e9c4ba50e446b701bcd08d44ee0ef8

  • SHA256

    19104a9ebcb0d9a8e46f69ada3aca1595b8636a511fc9d3a163773c867eb3a27

  • SHA512

    96f4d48641a818ba460c953a8a65979c8ceffd318cecc907ff01b41f2d5924ae073e8d9721e46bfc9f500278b997f0e07075ca0314174e3e9f2257b66d7e800b

Score
10/10
redlinesewpalpdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

sewPalp

C2

185.215.113.29:24645

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19104a9ebcb0d9a8e46f69ada3aca1595b8636a511fc9d3a163773c867eb3a27.exe
    "C:\Users\Admin\AppData\Local\Temp\19104a9ebcb0d9a8e46f69ada3aca1595b8636a511fc9d3a163773c867eb3a27.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2492

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2492-116-0x00000000033E0000-0x0000000003410000-memory.dmp
    Filesize

    192KB

    Download
  • memory/2492-117-0x00000000034C0000-0x00000000034DF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/2492-118-0x0000000005FE0000-0x0000000005FE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-119-0x00000000038F0000-0x000000000390D000-memory.dmp
    Filesize

    116KB

    Download
  • memory/2492-122-0x0000000005FD0000-0x0000000005FD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-121-0x0000000000400000-0x00000000016CF000-memory.dmp
    Filesize

    18.8MB

    Download
  • memory/2492-123-0x0000000005FD2000-0x0000000005FD3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-120-0x00000000064E0000-0x00000000064E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-124-0x0000000005FD3000-0x0000000005FD4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-125-0x0000000003A90000-0x0000000003A91000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-126-0x0000000005E30000-0x0000000005E31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-127-0x0000000005F40000-0x0000000005F41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-128-0x0000000006AF0000-0x0000000006AF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-129-0x0000000005FD4000-0x0000000005FD6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2492-130-0x00000000076E0000-0x00000000076E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-131-0x00000000078B0000-0x00000000078B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-132-0x0000000007EE0000-0x0000000007EE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-133-0x0000000008240000-0x0000000008241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-134-0x0000000008340000-0x0000000008341000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-135-0x0000000008500000-0x0000000008501000-memory.dmp
    Filesize

    4KB

    Download