Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    05-11-2021 08:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c0482002fb2075c4acb68bcf05a3974f3a834378820372ebd23957657c191dc.exe

  • Size

    413KB

  • MD5

    2d985f69ec5841f0d19f1eccc98c3ce7

  • SHA1

    d3db72bdc9cc4c49522bc68a8c396222bc329add

  • SHA256

    6c0482002fb2075c4acb68bcf05a3974f3a834378820372ebd23957657c191dc

  • SHA512

    8aa2bad91b9caba3cebd4d7baf95ed8e1822747bed1ed1d25d7962a30fcf80bbf1ee6e8b14bc89693b6b6736b7d1291f1e304ff422db00b4cde9e5b1ed5f054f

Score
10/10
redlinesomebodydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

SomeBody

C2

185.215.113.29:36224

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c0482002fb2075c4acb68bcf05a3974f3a834378820372ebd23957657c191dc.exe
    "C:\Users\Admin\AppData\Local\Temp\6c0482002fb2075c4acb68bcf05a3974f3a834378820372ebd23957657c191dc.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4224

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4224-117-0x0000000000400000-0x000000000090B000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/4224-116-0x0000000000A00000-0x0000000000B4A000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/4224-118-0x0000000002A90000-0x0000000002AAC000-memory.dmp
    Filesize

    112KB

    Download
  • memory/4224-119-0x00000000050E0000-0x00000000050E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-120-0x00000000050E2000-0x00000000050E3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-121-0x00000000050F0000-0x00000000050F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-122-0x0000000004F70000-0x0000000004F8B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/4224-123-0x00000000055F0000-0x00000000055F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-124-0x00000000050E3000-0x00000000050E4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-125-0x0000000005040000-0x0000000005041000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-126-0x0000000005C00000-0x0000000005C01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-127-0x0000000005060000-0x0000000005061000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-128-0x00000000050E4000-0x00000000050E6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4224-129-0x0000000005D10000-0x0000000005D11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-130-0x0000000005F90000-0x0000000005F91000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-131-0x00000000066A0000-0x00000000066A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-132-0x0000000006720000-0x0000000006721000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-133-0x0000000006910000-0x0000000006911000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-134-0x00000000069D0000-0x00000000069D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4224-135-0x0000000006BB0000-0x0000000006BB1000-memory.dmp
    Filesize

    4KB

    Download