Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    03-11-2021 19:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b67ed9062a7ae68480e8b06d2e90f3a2d0709bcd6f3985ec16b50ad7f26b04eb.exe

  • Size

    363KB

  • MD5

    ba33bba3ff5c4810541206e176eb291b

  • SHA1

    23ccab1d58107ea63e4a10ded948d751745c447e

  • SHA256

    b67ed9062a7ae68480e8b06d2e90f3a2d0709bcd6f3985ec16b50ad7f26b04eb

  • SHA512

    6bc3462f5184d0bbbd79ee6e2746604487392d085e9dcc23e55ead242b8ae087f9f05baf3bccd6370ac48ef82ded53d5e7374ccb6d8e5e80b338da678a947b06

Score
10/10
redlinesomebodydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

SomeBody

C2

185.215.113.29:36224

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b67ed9062a7ae68480e8b06d2e90f3a2d0709bcd6f3985ec16b50ad7f26b04eb.exe
    "C:\Users\Admin\AppData\Local\Temp\b67ed9062a7ae68480e8b06d2e90f3a2d0709bcd6f3985ec16b50ad7f26b04eb.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2716

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2716-115-0x0000000000BF9000-0x0000000000C1C000-memory.dmp
    Filesize

    140KB

    Download
  • memory/2716-117-0x0000000000400000-0x00000000008FF000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2716-116-0x0000000000B80000-0x0000000000BB0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/2716-118-0x0000000005150000-0x0000000005151000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-119-0x0000000002740000-0x000000000275C000-memory.dmp
    Filesize

    112KB

    Download
  • memory/2716-120-0x0000000005160000-0x0000000005161000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-121-0x0000000005152000-0x0000000005153000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-122-0x0000000005153000-0x0000000005154000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-123-0x0000000002950000-0x000000000296B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/2716-124-0x0000000005660000-0x0000000005661000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-125-0x0000000002BC0000-0x0000000002BC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-126-0x0000000005040000-0x0000000005041000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-127-0x0000000005154000-0x0000000005156000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2716-128-0x0000000005C70000-0x0000000005C71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-129-0x0000000005CF0000-0x0000000005CF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-130-0x0000000005F80000-0x0000000005F81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-131-0x0000000006020000-0x0000000006021000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-132-0x0000000006100000-0x0000000006101000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-133-0x00000000062A0000-0x00000000062A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-134-0x00000000069C0000-0x00000000069C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2716-135-0x0000000006BD0000-0x0000000006BD1000-memory.dmp
    Filesize

    4KB

    Download