Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    81s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    21-01-2022 14:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28e2df8556bb1ead65a07f984113af78e1bfc3578c84acf714273658c00ef0fb.exe

  • Size

    439KB

  • MD5

    46737caa52b30fa405b1c3eb04293ddf

  • SHA1

    7cd75e7222a301e95e4a2a2b7335c21155929098

  • SHA256

    28e2df8556bb1ead65a07f984113af78e1bfc3578c84acf714273658c00ef0fb

  • SHA512

    58c24a7e202f1a817c3b176170aa490f35f618bd3c9be3aaa67f3770a8d0c97baf38273e14aa540702b68ec5459fe940e4f22a38b3fbf5165ef31132613a33f2

Score
10/10
redlinenonamediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

NONAME

C2

45.9.20.111:1355

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28e2df8556bb1ead65a07f984113af78e1bfc3578c84acf714273658c00ef0fb.exe
    "C:\Users\Admin\AppData\Local\Temp\28e2df8556bb1ead65a07f984113af78e1bfc3578c84acf714273658c00ef0fb.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4084

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4084-115-0x00000000008B0000-0x00000000008F3000-memory.dmp
    Filesize

    268KB

    Download
  • memory/4084-116-0x0000000002350000-0x0000000002389000-memory.dmp
    Filesize

    228KB

    Download
  • memory/4084-117-0x0000000000400000-0x00000000005F6000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/4084-118-0x0000000002410000-0x0000000002444000-memory.dmp
    Filesize

    208KB

    Download
  • memory/4084-119-0x0000000004E20000-0x000000000531E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/4084-120-0x0000000002640000-0x0000000002672000-memory.dmp
    Filesize

    200KB

    Download
  • memory/4084-121-0x0000000002630000-0x0000000002631000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4084-123-0x0000000002633000-0x0000000002634000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4084-122-0x0000000002632000-0x0000000002633000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4084-124-0x0000000005320000-0x0000000005926000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/4084-125-0x0000000002940000-0x0000000002952000-memory.dmp
    Filesize

    72KB

    Download
  • memory/4084-126-0x0000000005930000-0x0000000005A3A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/4084-127-0x0000000005A40000-0x0000000005A7E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/4084-128-0x0000000005A80000-0x0000000005ACB000-memory.dmp
    Filesize

    300KB

    Download
  • memory/4084-129-0x00000000025E0000-0x0000000002636000-memory.dmp
    Filesize

    344KB

    Download
  • memory/4084-130-0x0000000005D00000-0x0000000005D66000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4084-131-0x00000000063A0000-0x0000000006416000-memory.dmp
    Filesize

    472KB

    Download
  • memory/4084-132-0x0000000006460000-0x00000000064F2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4084-133-0x0000000006550000-0x000000000656E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/4084-134-0x0000000006780000-0x0000000006942000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/4084-135-0x0000000006950000-0x0000000006E7C000-memory.dmp
    Filesize

    5.2MB

    Download