Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    21-01-2022 03:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70a5c13cfe466503802918e5710256c80529a8702f500994e95754705961019b.exe

  • Size

    438KB

  • MD5

    cf7333d9e77df7ba1952081e9810b853

  • SHA1

    0e0f8986eb9adb35d2105988fe3836abb7b260a4

  • SHA256

    70a5c13cfe466503802918e5710256c80529a8702f500994e95754705961019b

  • SHA512

    4e49ea9860138fd09d5c337afb18614ce9a049283f51014b4bdc3b4648e597aefdf469bd88b1f9b87a93648d94693230438fdd8a6496de3bf6b3d19a688197c9

Score
10/10
redlinenonameinfostealer

Malware Config

Extracted

Family

redline

Botnet

NONAME

C2

45.9.20.111:1355

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70a5c13cfe466503802918e5710256c80529a8702f500994e95754705961019b.exe
    "C:\Users\Admin\AppData\Local\Temp\70a5c13cfe466503802918e5710256c80529a8702f500994e95754705961019b.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2236-118-0x0000000000890000-0x00000000008D3000-memory.dmp
    Filesize

    268KB

    Download
  • memory/2236-119-0x0000000002330000-0x0000000002369000-memory.dmp
    Filesize

    228KB

    Download
  • memory/2236-120-0x0000000000400000-0x00000000005F5000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/2236-142-0x0000000002420000-0x0000000002454000-memory.dmp
    Filesize

    208KB

    Download
  • memory/2236-156-0x0000000004E80000-0x000000000537E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2236-162-0x0000000002820000-0x0000000002852000-memory.dmp
    Filesize

    200KB

    Download
  • memory/2236-166-0x0000000005380000-0x0000000005986000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2236-167-0x0000000002A20000-0x0000000002A32000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2236-168-0x0000000005990000-0x0000000005A9A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2236-171-0x0000000004DE0000-0x0000000004E1E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2236-197-0x0000000005AA0000-0x0000000005AEB000-memory.dmp
    Filesize

    300KB

    Download