Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    74s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    24-10-2021 09:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0805245691bdbc9bb428f080a334f33e53a1c960b4b1bbf79142deaaf5945b61.exe

  • Size

    407KB

  • MD5

    44f21c76097a8025fb92fee3f45c95e1

  • SHA1

    4749bf96b319ce94efed249c33235deb23707d2c

  • SHA256

    0805245691bdbc9bb428f080a334f33e53a1c960b4b1bbf79142deaaf5945b61

  • SHA512

    50ad7ac6811bee5fdac78898b0b293b941fd95327c180439672bffed8ee9f96d8b4b7aaac9bc58723968f3e8ec13a612705f8cdf1b1eaacd74be200795c15546

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0805245691bdbc9bb428f080a334f33e53a1c960b4b1bbf79142deaaf5945b61.exe
    "C:\Users\Admin\AppData\Local\Temp\0805245691bdbc9bb428f080a334f33e53a1c960b4b1bbf79142deaaf5945b61.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4324

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4324-116-0x00000000001C0000-0x00000000001F0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4324-117-0x0000000000400000-0x0000000001036000-memory.dmp
    Filesize

    12.2MB

    Download
  • memory/4324-118-0x0000000002D90000-0x0000000002DAC000-memory.dmp
    Filesize

    112KB

    Download
  • memory/4324-119-0x0000000005780000-0x0000000005781000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-120-0x0000000005770000-0x0000000005771000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-121-0x0000000005772000-0x0000000005773000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-122-0x0000000005773000-0x0000000005774000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-123-0x0000000002F00000-0x0000000002F1B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/4324-124-0x0000000005C80000-0x0000000005C81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-125-0x0000000003290000-0x0000000003291000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-126-0x00000000062D0000-0x00000000062D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-127-0x0000000005774000-0x0000000005776000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4324-128-0x0000000006420000-0x0000000006421000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-129-0x0000000006460000-0x0000000006461000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-130-0x00000000065C0000-0x00000000065C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-131-0x0000000006640000-0x0000000006641000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-132-0x0000000006830000-0x0000000006831000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-133-0x00000000069C0000-0x00000000069C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-134-0x0000000007CC0000-0x0000000007CC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4324-135-0x0000000007EB0000-0x0000000007EB1000-memory.dmp
    Filesize

    4KB

    Download