Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    82s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    16-01-2022 08:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    098aebdc9da198cf674af66fec9a7d790feebf60e78ec7c6288851d8b3db30f5.exe

  • Size

    416KB

  • MD5

    5c07760d4ef93292c5b19dd55ebbc322

  • SHA1

    c3368e114c04ffc907dd982e3d0aa11cbb5bca34

  • SHA256

    098aebdc9da198cf674af66fec9a7d790feebf60e78ec7c6288851d8b3db30f5

  • SHA512

    d617d776f4f2a84d4a4023308dff246a846ecf42a897fa2b606de7ea270d52d1d6df098adca778f334c8a27a8302648e72d6d84c6b1dab7d55cecd5a5b8d24d3

Score
10/10
redlinenonamediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:34865

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\098aebdc9da198cf674af66fec9a7d790feebf60e78ec7c6288851d8b3db30f5.exe
    "C:\Users\Admin\AppData\Local\Temp\098aebdc9da198cf674af66fec9a7d790feebf60e78ec7c6288851d8b3db30f5.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3720

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3720-115-0x000000000075A000-0x0000000000785000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3720-116-0x00000000025A0000-0x00000000025D4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/3720-117-0x0000000004E10000-0x000000000530E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/3720-118-0x0000000002730000-0x0000000002762000-memory.dmp

    Filesize

    200KB

    Download

  • memory/3720-119-0x0000000000690000-0x00000000006C9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3720-120-0x0000000000400000-0x00000000004FE000-memory.dmp

    Filesize

    1016KB

    Download

  • memory/3720-121-0x0000000004E00000-0x0000000004E01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3720-122-0x0000000004E02000-0x0000000004E03000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3720-123-0x0000000004E03000-0x0000000004E04000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3720-124-0x0000000005310000-0x0000000005916000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/3720-125-0x0000000004C70000-0x0000000004C82000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3720-126-0x0000000004CA0000-0x0000000004DAA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3720-127-0x0000000005920000-0x000000000595E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3720-128-0x0000000004E04000-0x0000000004E06000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3720-129-0x0000000005960000-0x00000000059AB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/3720-130-0x0000000005C00000-0x0000000005C66000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3720-131-0x00000000062C0000-0x0000000006336000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3720-132-0x0000000006360000-0x00000000063F2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3720-133-0x0000000006450000-0x000000000646E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3720-134-0x0000000006680000-0x0000000006842000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3720-135-0x0000000006850000-0x0000000006D7C000-memory.dmp

    Filesize

    5.2MB

    Download