Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    23-10-2021 11:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a640bac6abe6ce8483abdd43ec8a0230d00c6e106318cfef42f89c8793176876.exe

  • Size

    406KB

  • MD5

    111daf74babf12f2f2be67bfb12776d2

  • SHA1

    ef55ef2a74c9a262f34b7eb23acf079429a0a239

  • SHA256

    a640bac6abe6ce8483abdd43ec8a0230d00c6e106318cfef42f89c8793176876

  • SHA512

    cf93fd55246565c78d373ff2dcefe2557ce1ff7df3472e24f039855a03de3225336b79b1b8448a7ca9f04b3b4064f175efd7e2a104850566b67737447d2d1184

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a640bac6abe6ce8483abdd43ec8a0230d00c6e106318cfef42f89c8793176876.exe
    "C:\Users\Admin\AppData\Local\Temp\a640bac6abe6ce8483abdd43ec8a0230d00c6e106318cfef42f89c8793176876.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2864

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2864-115-0x0000000000B01000-0x0000000000B24000-memory.dmp
    Filesize

    140KB

    Download
  • memory/2864-116-0x00000000001C0000-0x00000000001F0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/2864-117-0x0000000000400000-0x0000000000895000-memory.dmp
    Filesize

    4.6MB

    Download
  • memory/2864-118-0x0000000000AB0000-0x0000000000ACC000-memory.dmp
    Filesize

    112KB

    Download
  • memory/2864-119-0x0000000005050000-0x0000000005051000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-120-0x0000000002800000-0x000000000281B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/2864-121-0x0000000005550000-0x0000000005551000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-122-0x0000000004E70000-0x0000000004E71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-123-0x0000000004EA0000-0x0000000004EA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-124-0x0000000004FB0000-0x0000000004FB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-126-0x0000000005042000-0x0000000005043000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-125-0x0000000005040000-0x0000000005041000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-127-0x0000000005043000-0x0000000005044000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-128-0x0000000005044000-0x0000000005046000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2864-129-0x0000000005B60000-0x0000000005B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-130-0x0000000005DE0000-0x0000000005DE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-131-0x0000000005E80000-0x0000000005E81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-132-0x0000000005F60000-0x0000000005F61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-133-0x0000000006100000-0x0000000006101000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-134-0x0000000006800000-0x0000000006801000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2864-135-0x00000000069D0000-0x00000000069D1000-memory.dmp
    Filesize

    4KB

    Download