Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    05-11-2021 09:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af0eb2a817cce79765adde18a63058577b739a651690cadcba85d19033b154a5.exe

  • Size

    414KB

  • MD5

    e743dd499c787feb79e1ced5d08cbf88

  • SHA1

    c99b1a822f7050d609cd8e3c18c39dbf8ed3a235

  • SHA256

    af0eb2a817cce79765adde18a63058577b739a651690cadcba85d19033b154a5

  • SHA512

    552f494f3a0e9ea2c82d49132de271dbc1866293e11925972bf53885048010779a8939ddb6c386cd27dcde5363db70f601ac539cc482b3390bd0f3e947994488

Score
10/10
redlinesomebodydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

SomeBody

C2

185.215.113.29:36224

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af0eb2a817cce79765adde18a63058577b739a651690cadcba85d19033b154a5.exe
    "C:\Users\Admin\AppData\Local\Temp\af0eb2a817cce79765adde18a63058577b739a651690cadcba85d19033b154a5.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1744

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1744-115-0x0000000000B29000-0x0000000000B4B000-memory.dmp
    Filesize

    136KB

    Download
  • memory/1744-117-0x0000000000400000-0x000000000090B000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/1744-116-0x00000000009B0000-0x0000000000AFA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1744-118-0x0000000002740000-0x000000000275C000-memory.dmp
    Filesize

    112KB

    Download
  • memory/1744-119-0x00000000050A0000-0x00000000050A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-120-0x00000000050B0000-0x00000000050B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-121-0x0000000002AA0000-0x0000000002ABB000-memory.dmp
    Filesize

    108KB

    Download
  • memory/1744-122-0x00000000050A2000-0x00000000050A3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-123-0x00000000050A3000-0x00000000050A4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-124-0x0000000005BC0000-0x0000000005BC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-125-0x0000000005020000-0x0000000005021000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-126-0x00000000055B0000-0x00000000055B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-127-0x0000000005050000-0x0000000005051000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-128-0x00000000050A4000-0x00000000050A6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1744-129-0x00000000056F0000-0x00000000056F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-130-0x0000000005880000-0x0000000005881000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-131-0x0000000006680000-0x0000000006681000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-132-0x0000000006700000-0x0000000006701000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-133-0x00000000068F0000-0x00000000068F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-134-0x00000000069A0000-0x00000000069A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-135-0x0000000006B90000-0x0000000006B91000-memory.dmp
    Filesize

    4KB

    Download