Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    77s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    27-01-2022 09:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea0c8c8f4ae1cb9a60f8fe532d9effa61a8fcec8ca0ca8b231fa73f2d5408c3c.exe

  • Size

    380KB

  • MD5

    3490d8c4ddf715b103e851fff227c3eb

  • SHA1

    6e456f5f062801c8a4130a94c21e2126b12fe033

  • SHA256

    ea0c8c8f4ae1cb9a60f8fe532d9effa61a8fcec8ca0ca8b231fa73f2d5408c3c

  • SHA512

    fa9421f9dc37773c8f0dc1592a6db4eee1b85d931c7aaf84e98a3c68f9ba76e84bdd394758ba1654d076b5bd9b84ff203ddbafdfe6c60eb14e370adc26fd64f6

Score
10/10
redlinenonamediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea0c8c8f4ae1cb9a60f8fe532d9effa61a8fcec8ca0ca8b231fa73f2d5408c3c.exe
    "C:\Users\Admin\AppData\Local\Temp\ea0c8c8f4ae1cb9a60f8fe532d9effa61a8fcec8ca0ca8b231fa73f2d5408c3c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3152

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3152-116-0x0000000002090000-0x00000000020C9000-memory.dmp
    Filesize

    228KB

    Download
  • memory/3152-117-0x0000000000400000-0x0000000000465000-memory.dmp
    Filesize

    404KB

    Download
  • memory/3152-118-0x00000000024B0000-0x00000000024E4000-memory.dmp
    Filesize

    208KB

    Download
  • memory/3152-119-0x0000000004CD0000-0x00000000051CE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3152-120-0x0000000004CC0000-0x0000000004CC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3152-121-0x0000000004CC2000-0x0000000004CC3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3152-122-0x0000000004CC3000-0x0000000004CC4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3152-123-0x0000000004B10000-0x0000000004B42000-memory.dmp
    Filesize

    200KB

    Download
  • memory/3152-124-0x00000000051D0000-0x00000000057D6000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/3152-125-0x0000000004BE0000-0x0000000004BF2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3152-126-0x00000000057E0000-0x00000000058EA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3152-127-0x0000000004CC4000-0x0000000004CC6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/3152-128-0x0000000004C50000-0x0000000004C8E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/3152-129-0x00000000058F0000-0x000000000593B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/3152-130-0x0000000005B70000-0x0000000005BE6000-memory.dmp
    Filesize

    472KB

    Download
  • memory/3152-131-0x0000000005C60000-0x0000000005CF2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/3152-132-0x0000000005C30000-0x0000000005C4E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/3152-133-0x0000000005E60000-0x0000000005EC6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/3152-134-0x00000000065A0000-0x0000000006762000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3152-135-0x0000000006770000-0x0000000006C9C000-memory.dmp
    Filesize

    5.2MB

    Download