Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    28-01-2022 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8423dd9eb85cb0023cd4b8a127b57b4d555f339eba21fd24508e53c91c11d431.exe

  • Size

    462KB

  • MD5

    1a486a704fb8f22491cf93351212b9bd

  • SHA1

    27b105c9b480197d29e109f661a4b1643be0d453

  • SHA256

    8423dd9eb85cb0023cd4b8a127b57b4d555f339eba21fd24508e53c91c11d431

  • SHA512

    3194797d1c76203a488b99519956a2cb91bae3bcb4499cf634ba7e3481b5e9555314d79089eed0339af631f229168eb56ad1159219420161828b2b26415d45f5

Score
10/10
redlineruzkikakoytodiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8423dd9eb85cb0023cd4b8a127b57b4d555f339eba21fd24508e53c91c11d431.exe
    "C:\Users\Admin\AppData\Local\Temp\8423dd9eb85cb0023cd4b8a127b57b4d555f339eba21fd24508e53c91c11d431.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2992

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2992-116-0x00000000021D0000-0x0000000002209000-memory.dmp
    Filesize

    228KB

    Download
  • memory/2992-117-0x0000000000400000-0x000000000049D000-memory.dmp
    Filesize

    628KB

    Download
  • memory/2992-118-0x00000000025D0000-0x00000000025D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2992-119-0x0000000002350000-0x0000000002384000-memory.dmp
    Filesize

    208KB

    Download
  • memory/2992-120-0x0000000004C90000-0x000000000518E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2992-121-0x00000000025E0000-0x0000000002612000-memory.dmp
    Filesize

    200KB

    Download
  • memory/2992-122-0x00000000025D2000-0x00000000025D3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2992-123-0x00000000025D3000-0x00000000025D4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2992-124-0x0000000005190000-0x0000000005796000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2992-125-0x00000000026D0000-0x00000000026E2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2992-126-0x00000000057A0000-0x00000000058AA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2992-127-0x00000000058B0000-0x00000000058EE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2992-128-0x0000000002590000-0x00000000025D6000-memory.dmp
    Filesize

    280KB

    Download
  • memory/2992-129-0x0000000005900000-0x000000000594B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2992-130-0x0000000000830000-0x00000000008A6000-memory.dmp
    Filesize

    472KB

    Download
  • memory/2992-131-0x0000000000910000-0x00000000009A2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/2992-132-0x0000000000630000-0x000000000064E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/2992-133-0x0000000005F90000-0x0000000005FF6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/2992-134-0x0000000006420000-0x00000000065E2000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/2992-135-0x0000000006610000-0x0000000006B3C000-memory.dmp
    Filesize

    5.2MB

    Download