Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    19-10-2021 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24c034a82fde6df10be6dca2850e5ec6cd0113893974cf497b79885d117e9303.exe

  • Size

    364KB

  • MD5

    0c0cdf1349612e699ca21566e4149861

  • SHA1

    5f67ea078e7888a9b1d321178a209820dc5a8ac2

  • SHA256

    24c034a82fde6df10be6dca2850e5ec6cd0113893974cf497b79885d117e9303

  • SHA512

    149adb8b421f0de5dab4d139b4a2044dd18a8fa4f83e18078238dcda8def4a98ace9432d058e6794382501b9f3ee5e0a4660b61a82f2a3fa0c50f4cb191c166b

Score
10/10
redlineudpdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.182:52236

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24c034a82fde6df10be6dca2850e5ec6cd0113893974cf497b79885d117e9303.exe
    "C:\Users\Admin\AppData\Local\Temp\24c034a82fde6df10be6dca2850e5ec6cd0113893974cf497b79885d117e9303.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2680

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2680-116-0x0000000003050000-0x000000000319A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2680-117-0x0000000000400000-0x0000000002F23000-memory.dmp

    Filesize

    43.1MB

    Download

  • memory/2680-118-0x0000000004E60000-0x0000000004E7F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2680-120-0x00000000076B2000-0x00000000076B3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-119-0x00000000076B0000-0x00000000076B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-121-0x00000000076B3000-0x00000000076B4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-122-0x00000000076C0000-0x00000000076C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-123-0x0000000007590000-0x00000000075AD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2680-124-0x0000000007BC0000-0x0000000007BC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-125-0x0000000007640000-0x0000000007641000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-126-0x00000000081D0000-0x00000000081D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-127-0x0000000007670000-0x0000000007671000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-128-0x00000000076B4000-0x00000000076B6000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2680-129-0x0000000008320000-0x0000000008321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-130-0x0000000008F40000-0x0000000008F41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-131-0x0000000009110000-0x0000000009111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-132-0x0000000009740000-0x0000000009741000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-133-0x0000000009850000-0x0000000009851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-134-0x0000000009910000-0x0000000009911000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-135-0x0000000009A90000-0x0000000009A91000-memory.dmp

    Filesize

    4KB

    Download