Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    142s
  • max time network
    161s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    24-01-2022 10:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    586f15235b0f2277a2cb82fd96261e4167c3e2ca7c2c34bd30165bbd38537e6f.exe

  • Size

    402KB

  • MD5

    91606d0e2881a66d0384e438d853dc90

  • SHA1

    e41b42d6385e50ee09dc73d8a9131634bd8f54b0

  • SHA256

    586f15235b0f2277a2cb82fd96261e4167c3e2ca7c2c34bd30165bbd38537e6f

  • SHA512

    51491d80bb5954d3ac2ba62576219d239cd94cf039ff49c3e96bda44c0b9d5ed5a80e48fd773bf1eb103de2bcf51184c9ec8c3c1f06c85f8f03a04472df1fa41

Score
10/10
redlinenonameinfostealer

Malware Config

Extracted

Family

redline

Botnet

NONAME

C2

45.9.20.111:1355

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\586f15235b0f2277a2cb82fd96261e4167c3e2ca7c2c34bd30165bbd38537e6f.exe
    "C:\Users\Admin\AppData\Local\Temp\586f15235b0f2277a2cb82fd96261e4167c3e2ca7c2c34bd30165bbd38537e6f.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2496-115-0x00000000001D0000-0x00000000001FB000-memory.dmp
    Filesize

    172KB

    Download
  • memory/2496-116-0x00000000007C0000-0x00000000007F9000-memory.dmp
    Filesize

    228KB

    Download
  • memory/2496-117-0x0000000000400000-0x000000000046C000-memory.dmp
    Filesize

    432KB

    Download
  • memory/2496-118-0x00000000022D0000-0x0000000002304000-memory.dmp
    Filesize

    208KB

    Download
  • memory/2496-119-0x0000000004C30000-0x000000000512E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2496-120-0x00000000026B0000-0x00000000026E2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/2496-122-0x0000000004C22000-0x0000000004C23000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2496-121-0x0000000004C20000-0x0000000004C21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2496-123-0x0000000004C23000-0x0000000004C24000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2496-124-0x0000000005130000-0x0000000005736000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2496-125-0x0000000004AD0000-0x0000000004AE2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2496-126-0x0000000004B00000-0x0000000004C0A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2496-127-0x0000000005770000-0x00000000057AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2496-128-0x00000000057C0000-0x000000000580B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2496-129-0x0000000004C24000-0x0000000004C26000-memory.dmp
    Filesize

    8KB

    Download