Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    109s
  • max time network
    138s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    22-10-2021 14:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8840d8c54b58cc29c57916919906a81fff6bca7bede7c6d5b08a363359ff3582.exe

  • Size

    452KB

  • MD5

    d08c7505d9deda3037398a2bddec6e49

  • SHA1

    c35417022f575351d7b634aaa297d2e456887a7f

  • SHA256

    8840d8c54b58cc29c57916919906a81fff6bca7bede7c6d5b08a363359ff3582

  • SHA512

    94e88d77a383f657233d3777dcb313cd23f10d4042aa3472c92c0082a706098235f29722e2262a4f3e7ec48cdaa796558d611ba8607340208aa1296162280e9e

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8840d8c54b58cc29c57916919906a81fff6bca7bede7c6d5b08a363359ff3582.exe
    "C:\Users\Admin\AppData\Local\Temp\8840d8c54b58cc29c57916919906a81fff6bca7bede7c6d5b08a363359ff3582.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1036

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1036-115-0x0000000000B06000-0x0000000000B32000-memory.dmp
    Filesize

    176KB

    Download
  • memory/1036-116-0x0000000000A10000-0x0000000000A54000-memory.dmp
    Filesize

    272KB

    Download
  • memory/1036-117-0x0000000000400000-0x00000000008A0000-memory.dmp
    Filesize

    4.6MB

    Download
  • memory/1036-118-0x0000000002710000-0x000000000273D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/1036-119-0x0000000005230000-0x0000000005231000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-120-0x0000000002AE0000-0x0000000002B0B000-memory.dmp
    Filesize

    172KB

    Download
  • memory/1036-121-0x0000000005730000-0x0000000005731000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-123-0x0000000005222000-0x0000000005223000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-122-0x0000000005220000-0x0000000005221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-124-0x0000000005223000-0x0000000005224000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-125-0x0000000002CA0000-0x0000000002CA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-126-0x0000000005060000-0x0000000005061000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-127-0x0000000002CD0000-0x0000000002CD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-128-0x0000000005224000-0x0000000005226000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1036-129-0x00000000051B0000-0x00000000051B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-130-0x0000000005F60000-0x0000000005F61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-131-0x0000000005FE0000-0x0000000005FE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-132-0x00000000060D0000-0x00000000060D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-133-0x0000000006260000-0x0000000006261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-134-0x0000000007650000-0x0000000007651000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-135-0x0000000006AC0000-0x0000000006AC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1036-136-0x00000000077E0000-0x00000000077E1000-memory.dmp
    Filesize

    4KB

    Download