Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    108s
  • max time network
    124s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    27-11-2021 05:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    164cdf8ed71d14647c93ed5cfa7bb0cf371b8681a1c50b5996c99ff76c802c13.exe

  • Size

    393KB

  • MD5

    d043acaaf1f51905a5f979679c1fc0ac

  • SHA1

    c68c7445533544b5f8937f930abccecc54f236a0

  • SHA256

    164cdf8ed71d14647c93ed5cfa7bb0cf371b8681a1c50b5996c99ff76c802c13

  • SHA512

    de53fd8fc443cf96ab12a58963f2ff22c23d8b8a6243b5d94c52529d8b75ea8aec9325e498a012eac12fe53f5d3dc49e5736fff39d240cf7bba75a3a3ef7dc63

Score
10/10
redlineudptestdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

udptest

C2

193.56.146.64:65441

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\164cdf8ed71d14647c93ed5cfa7bb0cf371b8681a1c50b5996c99ff76c802c13.exe
    "C:\Users\Admin\AppData\Local\Temp\164cdf8ed71d14647c93ed5cfa7bb0cf371b8681a1c50b5996c99ff76c802c13.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3752

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3752-117-0x0000000000400000-0x0000000001C18000-memory.dmp
    Filesize

    24.1MB

    Download
  • memory/3752-116-0x0000000003950000-0x0000000003989000-memory.dmp
    Filesize

    228KB

    Download
  • memory/3752-118-0x0000000003DC0000-0x0000000003DEE000-memory.dmp
    Filesize

    184KB

    Download
  • memory/3752-119-0x0000000006590000-0x0000000006591000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-120-0x00000000065A0000-0x00000000065A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-121-0x0000000006592000-0x0000000006593000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-122-0x0000000006593000-0x0000000006594000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-123-0x0000000003E60000-0x0000000003E8C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/3752-124-0x0000000006AA0000-0x0000000006AA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-125-0x0000000004040000-0x0000000004041000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-126-0x00000000063F0000-0x00000000063F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-127-0x0000000006500000-0x0000000006501000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-128-0x0000000006594000-0x0000000006596000-memory.dmp
    Filesize

    8KB

    Download
  • memory/3752-129-0x00000000070B0000-0x00000000070B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-130-0x0000000007310000-0x0000000007311000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-131-0x0000000007390000-0x0000000007391000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-132-0x0000000007570000-0x0000000007571000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-133-0x0000000007630000-0x0000000007631000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-134-0x0000000007D30000-0x0000000007D31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3752-135-0x0000000007F10000-0x0000000007F11000-memory.dmp
    Filesize

    4KB

    Download