Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    27-11-2021 08:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f9090ce3078e6954bba399926a9e735358626101188ac0d9994bff8161a4da2.exe

  • Size

    423KB

  • MD5

    5e1f1ed1b91c848a21479606acb2615a

  • SHA1

    457c1ff71520637e8412def5b116e646f7bc52b5

  • SHA256

    2f9090ce3078e6954bba399926a9e735358626101188ac0d9994bff8161a4da2

  • SHA512

    a959d23f46e03ed2ebf951c37902db0bf173de1dd8a66095599ddedb7c01b3b505fdb67990f62197ef07572764b6a0fbafbe8ae695a4ad685e5b21b8a5d4a855

Score
10/10
redlinepubdatediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Pubdate

C2

193.56.146.64:65441

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f9090ce3078e6954bba399926a9e735358626101188ac0d9994bff8161a4da2.exe
    "C:\Users\Admin\AppData\Local\Temp\2f9090ce3078e6954bba399926a9e735358626101188ac0d9994bff8161a4da2.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2104

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2104-120-0x0000000000400000-0x0000000003245000-memory.dmp
    Filesize

    46.3MB

    Download
  • memory/2104-119-0x00000000032A0000-0x000000000334E000-memory.dmp
    Filesize

    696KB

    Download
  • memory/2104-121-0x0000000004F70000-0x0000000004F9E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2104-124-0x0000000005292000-0x0000000005293000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-123-0x00000000077F0000-0x00000000077F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-122-0x0000000005290000-0x0000000005291000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-125-0x0000000005293000-0x0000000005294000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-126-0x0000000005260000-0x000000000528C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/2104-127-0x0000000007D00000-0x0000000007D01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-128-0x00000000083A0000-0x00000000083A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-129-0x00000000083D0000-0x00000000083D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-130-0x00000000084E0000-0x00000000084E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-131-0x0000000008570000-0x0000000008571000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-132-0x0000000005294000-0x0000000005296000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2104-133-0x0000000008800000-0x0000000008801000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-134-0x0000000008880000-0x0000000008881000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-135-0x0000000008A60000-0x0000000008A61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-136-0x0000000008B20000-0x0000000008B21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-137-0x0000000009220000-0x0000000009221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2104-138-0x0000000009400000-0x0000000009401000-memory.dmp
    Filesize

    4KB

    Download