Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    110s
  • max time network
    124s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    16-01-2022 09:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    912df64e26edbea1bd2dd5aa482861408af3e299a348eea707f29521efe421f1.exe

  • Size

    415KB

  • MD5

    af80f08d70be602fefa4aec435fe9617

  • SHA1

    8cf107edac47f224ca7dea385d85d0febf586ba0

  • SHA256

    912df64e26edbea1bd2dd5aa482861408af3e299a348eea707f29521efe421f1

  • SHA512

    ece187ae4d75991209a64c64d9e6b4fecb9244fb406c0ec7e776d5c30c98d01207d3381b67cc6cbf3eb120b6bd836ae1da7144f9d5ec16b9ffa953a583b79394

Score
10/10
redlinenonamediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:34865

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\912df64e26edbea1bd2dd5aa482861408af3e299a348eea707f29521efe421f1.exe
    "C:\Users\Admin\AppData\Local\Temp\912df64e26edbea1bd2dd5aa482861408af3e299a348eea707f29521efe421f1.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3972

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3972-115-0x00000000007BA000-0x00000000007E5000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3972-116-0x0000000002240000-0x0000000002279000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3972-117-0x0000000000400000-0x00000000004FD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/3972-118-0x0000000002510000-0x0000000002544000-memory.dmp

    Filesize

    208KB

    Download

  • memory/3972-119-0x0000000004C60000-0x000000000515E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/3972-120-0x00000000025B0000-0x00000000025E2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/3972-122-0x00000000024E2000-0x00000000024E3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3972-121-0x00000000024E0000-0x00000000024E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3972-123-0x00000000024E3000-0x00000000024E4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3972-124-0x0000000005160000-0x0000000005766000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/3972-125-0x0000000005790000-0x00000000057A2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3972-126-0x00000000057C0000-0x00000000058CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3972-127-0x00000000024E4000-0x00000000024E6000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3972-128-0x0000000005910000-0x000000000594E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3972-129-0x0000000005960000-0x00000000059AB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/3972-130-0x0000000005C00000-0x0000000005C66000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3972-131-0x00000000062A0000-0x0000000006316000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3972-132-0x0000000006360000-0x00000000063F2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3972-133-0x0000000006450000-0x000000000646E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3972-134-0x0000000006680000-0x0000000006842000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3972-135-0x0000000006850000-0x0000000006D7C000-memory.dmp

    Filesize

    5.2MB

    Download