Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    19-01-2022 16:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    210adb77fd7478b1a522980371d31a987d43cf536ab8a4e7c8528a70c80aec6c.exe

  • Size

    408KB

  • MD5

    7e34b34f6742782e8757ee1a6a333b5e

  • SHA1

    20510b5bd6bf1f46917db58995b1607bf3760327

  • SHA256

    210adb77fd7478b1a522980371d31a987d43cf536ab8a4e7c8528a70c80aec6c

  • SHA512

    1a41ff1e869f39e2038c25a51347f67abad42ddbd83c809401f2337a5245243904f6482a7998d19e33edeb321c3e50199a50bf3097b6a492f12ca229e1177a3b

Score
10/10
redlinenonameinfostealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:34865

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\210adb77fd7478b1a522980371d31a987d43cf536ab8a4e7c8528a70c80aec6c.exe
    "C:\Users\Admin\AppData\Local\Temp\210adb77fd7478b1a522980371d31a987d43cf536ab8a4e7c8528a70c80aec6c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2744-115-0x00000000008D0000-0x00000000008FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2744-116-0x0000000000900000-0x0000000000939000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2744-117-0x0000000000400000-0x000000000046D000-memory.dmp

    Filesize

    436KB

    Download

  • memory/2744-118-0x00000000023D0000-0x0000000002404000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2744-119-0x0000000004BA0000-0x000000000509E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/2744-120-0x0000000002580000-0x00000000025B2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2744-123-0x0000000004B92000-0x0000000004B93000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2744-124-0x0000000004B93000-0x0000000004B94000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2744-122-0x00000000050A0000-0x00000000056A6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2744-121-0x0000000004B90000-0x0000000004B91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2744-125-0x0000000004AD0000-0x0000000004AE2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2744-126-0x00000000056B0000-0x00000000057BA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2744-127-0x0000000004B40000-0x0000000004B7E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2744-128-0x0000000004B94000-0x0000000004B96000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2744-129-0x00000000057C0000-0x000000000580B000-memory.dmp

    Filesize

    300KB

    Download