Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    123s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    03-11-2021 11:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    192db7c2cdf635940fbd910c29c621f49595e95867ed6e71949ed756950c85b6.exe

  • Size

    360KB

  • MD5

    e3992b7b17fdc2416b6d76b8bd78fb38

  • SHA1

    9f66271065275e760e4eef88c99846156e6acbed

  • SHA256

    192db7c2cdf635940fbd910c29c621f49595e95867ed6e71949ed756950c85b6

  • SHA512

    802e879409c6c90de641693932ac72c6db6bdfdce08f00cfce713694a8df0a0b577229538586cd26d7aecbe9204dc9a926e5aa72b016bc7016f65798eb481a20

Score
10/10
redlinesomebodydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

SomeBody

C2

185.215.113.29:36224

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\192db7c2cdf635940fbd910c29c621f49595e95867ed6e71949ed756950c85b6.exe
    "C:\Users\Admin\AppData\Local\Temp\192db7c2cdf635940fbd910c29c621f49595e95867ed6e71949ed756950c85b6.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3064

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3064-119-0x0000000002610000-0x0000000002640000-memory.dmp
    Filesize

    192KB

    Download
  • memory/3064-120-0x0000000000400000-0x00000000008FE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3064-121-0x0000000005080000-0x0000000005081000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-122-0x0000000002770000-0x000000000278C000-memory.dmp
    Filesize

    112KB

    Download
  • memory/3064-123-0x0000000005090000-0x0000000005091000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-124-0x0000000005082000-0x0000000005083000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-125-0x0000000005083000-0x0000000005084000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-126-0x0000000004F60000-0x0000000004F7B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/3064-127-0x0000000005590000-0x0000000005591000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-128-0x0000000005030000-0x0000000005031000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-129-0x0000000005BA0000-0x0000000005BA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-130-0x0000000005CB0000-0x0000000005CB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-131-0x0000000005084000-0x0000000005086000-memory.dmp
    Filesize

    8KB

    Download
  • memory/3064-132-0x0000000005CF0000-0x0000000005CF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-133-0x0000000005E80000-0x0000000005E81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-134-0x0000000005F20000-0x0000000005F21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-135-0x0000000006100000-0x0000000006101000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-136-0x00000000062A0000-0x00000000062A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-137-0x00000000069C0000-0x00000000069C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3064-138-0x0000000006BB0000-0x0000000006BB1000-memory.dmp
    Filesize

    4KB

    Download