Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    24-10-2021 12:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5fc1a999fafa73e4daf0c7c2bcc5d513610af6afe2fc46396975d577cfac87bf.exe

  • Size

    840KB

  • MD5

    a69fd26cb9d1bc4955ed27b20107e29f

  • SHA1

    a9fe44e8fef8b944f6e5e6e9b7c4373ca95f7920

  • SHA256

    5fc1a999fafa73e4daf0c7c2bcc5d513610af6afe2fc46396975d577cfac87bf

  • SHA512

    acc23be6c9ae709cf15fe16fc462f5e1465546a7f7552eaff218132f2fe9b815508981fb1e852b14c09a1d8f7cbb7a7b5924cb021541f9fb1019992fc677baf5

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Downloads MZ/PE file
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5fc1a999fafa73e4daf0c7c2bcc5d513610af6afe2fc46396975d577cfac87bf.exe
    "C:\Users\Admin\AppData\Local\Temp\5fc1a999fafa73e4daf0c7c2bcc5d513610af6afe2fc46396975d577cfac87bf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3768-116-0x0000000000730000-0x000000000075F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3768-120-0x0000000002AA0000-0x0000000002AB9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/3768-122-0x00000000054D0000-0x00000000054D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-123-0x00000000059D0000-0x00000000059D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-124-0x0000000006060000-0x0000000006061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-126-0x00000000052C2000-0x00000000052C3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-125-0x00000000052C0000-0x00000000052C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-127-0x00000000052C3000-0x00000000052C4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-128-0x0000000006130000-0x0000000006131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-129-0x0000000006160000-0x0000000006161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-130-0x0000000007A10000-0x0000000007A11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-131-0x00000000052C4000-0x00000000052C5000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-132-0x0000000007BD0000-0x0000000007BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-133-0x0000000007CF0000-0x0000000007CF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-134-0x0000000007D70000-0x0000000007D71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-135-0x0000000008250000-0x0000000008251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-136-0x0000000009170000-0x0000000009171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-137-0x0000000009350000-0x0000000009351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-138-0x0000000008A30000-0x0000000008A31000-memory.dmp

    Filesize

    4KB

    Download