Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    24-01-2022 18:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    752bb5f0c230849911d3a2360df7d0eaef3fd7e6743702a3ca4e12300f172614.exe

  • Size

    403KB

  • MD5

    29acb5305369e8652ca6600802f21f1f

  • SHA1

    7f2e1641b911205b61996f689eec1968b2e9dcbb

  • SHA256

    752bb5f0c230849911d3a2360df7d0eaef3fd7e6743702a3ca4e12300f172614

  • SHA512

    1230c71a649069d891942c6ca904918e2dfd5035d6fef79cd98d30a0101700cb9723e3dacc624d9a4a6cd9e3f2a98f0cdb1cab6ce5e6a57b4563285932445e54

Score
10/10
redlinenonameinfostealer

Malware Config

Extracted

Family

redline

Botnet

NONAME

C2

45.9.20.111:1355

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\752bb5f0c230849911d3a2360df7d0eaef3fd7e6743702a3ca4e12300f172614.exe
    "C:\Users\Admin\AppData\Local\Temp\752bb5f0c230849911d3a2360df7d0eaef3fd7e6743702a3ca4e12300f172614.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2640-118-0x0000000000590000-0x00000000006DA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/2640-119-0x0000000000590000-0x00000000006DA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/2640-120-0x0000000000400000-0x000000000046C000-memory.dmp
    Filesize

    432KB

    Download
  • memory/2640-142-0x0000000002280000-0x00000000022B4000-memory.dmp
    Filesize

    208KB

    Download
  • memory/2640-156-0x0000000004CD0000-0x00000000051CE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2640-162-0x0000000002330000-0x0000000002362000-memory.dmp
    Filesize

    200KB

    Download
  • memory/2640-166-0x00000000051D0000-0x00000000057D6000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2640-167-0x0000000004C10000-0x0000000004C22000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2640-168-0x00000000057E0000-0x00000000058EA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2640-171-0x0000000004C80000-0x0000000004CBE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2640-197-0x0000000005900000-0x000000000594B000-memory.dmp
    Filesize

    300KB

    Download