Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    123s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    19-10-2021 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    83a3410458dc24f2be30b6f7be0f41008c07e5b9b8808f7157a86a3faadfbd95.exe

  • Size

    338KB

  • MD5

    195d2a61c26dcdbfae8be2384fd7eef4

  • SHA1

    58b71fd3fc07e2725757fd4e642900f449466e14

  • SHA256

    83a3410458dc24f2be30b6f7be0f41008c07e5b9b8808f7157a86a3faadfbd95

  • SHA512

    93875065842e459c1e41eeba69ea38103789cda5cdcd01c429f7caef15650a12f45984de16e38699c8d1cfa460d1b39c948a5a7e434ee0291b7f51d93f95339d

Score
10/10
redlineudpdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.182:52236

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\83a3410458dc24f2be30b6f7be0f41008c07e5b9b8808f7157a86a3faadfbd95.exe
    "C:\Users\Admin\AppData\Local\Temp\83a3410458dc24f2be30b6f7be0f41008c07e5b9b8808f7157a86a3faadfbd95.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2352

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2352-115-0x0000000003229000-0x000000000324C000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2352-116-0x0000000003190000-0x00000000031C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2352-117-0x0000000004DA0000-0x0000000004DBF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2352-118-0x0000000007800000-0x0000000007801000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-119-0x0000000004F60000-0x0000000004F7D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2352-120-0x0000000007D00000-0x0000000007D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-121-0x0000000005120000-0x0000000005121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-122-0x0000000008310000-0x0000000008311000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-123-0x0000000000400000-0x0000000002F1C000-memory.dmp

    Filesize

    43.1MB

    Download

  • memory/2352-125-0x00000000077F2000-0x00000000077F3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-124-0x00000000077F0000-0x00000000077F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-126-0x00000000077F3000-0x00000000077F4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-127-0x00000000077F4000-0x00000000077F6000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2352-128-0x0000000005160000-0x0000000005161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-129-0x0000000007720000-0x0000000007721000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-130-0x0000000008F30000-0x0000000008F31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-131-0x0000000009100000-0x0000000009101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-132-0x0000000009730000-0x0000000009731000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-133-0x0000000009840000-0x0000000009841000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-134-0x0000000009900000-0x0000000009901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-135-0x0000000009A80000-0x0000000009A81000-memory.dmp

    Filesize

    4KB

    Download