Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    135s
  • max time network
    148s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    21-01-2022 02:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c8aff7875b4cb18ab32a25ae82f9cdb35229b30232cab6c8bb835bd4c62c34f5.exe

  • Size

    438KB

  • MD5

    dcce390d3b1a9046da6cece499782d7d

  • SHA1

    669a99f713c35e1851a68bfceff603cc02b9a74a

  • SHA256

    c8aff7875b4cb18ab32a25ae82f9cdb35229b30232cab6c8bb835bd4c62c34f5

  • SHA512

    cbd31d99c68730d520baba0e6d44f1d76c619b73aebb7905fe4a8e621b27ccb994dfa9ab5d4b06d2740b431829b408fdd1423b48c3c49e261c2f47ee603b5bab

Score
10/10
redlinenonameinfostealer

Malware Config

Extracted

Family

redline

Botnet

NONAME

C2

45.9.20.111:1355

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8aff7875b4cb18ab32a25ae82f9cdb35229b30232cab6c8bb835bd4c62c34f5.exe
    "C:\Users\Admin\AppData\Local\Temp\c8aff7875b4cb18ab32a25ae82f9cdb35229b30232cab6c8bb835bd4c62c34f5.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3800-115-0x0000000000890000-0x00000000008D4000-memory.dmp
    Filesize

    272KB

    Download
  • memory/3800-116-0x00000000023C0000-0x00000000023F4000-memory.dmp
    Filesize

    208KB

    Download
  • memory/3800-117-0x0000000004DE0000-0x00000000052DE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3800-118-0x0000000004CB0000-0x0000000004CE2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/3800-119-0x0000000002230000-0x0000000002269000-memory.dmp
    Filesize

    228KB

    Download
  • memory/3800-120-0x0000000000400000-0x00000000005F5000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/3800-122-0x0000000004DD2000-0x0000000004DD3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3800-121-0x0000000004DD0000-0x0000000004DD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3800-123-0x0000000004DD3000-0x0000000004DD4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3800-124-0x00000000052E0000-0x00000000058E6000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/3800-125-0x0000000004D70000-0x0000000004D82000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3800-126-0x00000000058F0000-0x00000000059FA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3800-127-0x0000000005A10000-0x0000000005A4E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/3800-128-0x0000000004DD4000-0x0000000004DD6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/3800-129-0x0000000005A60000-0x0000000005AAB000-memory.dmp
    Filesize

    300KB

    Download