Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    144s
  • max time network
    167s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    29-01-2022 00:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2f735b15f830d65289c6e25c7161dad15ffbd18dae33fe554ac153d7d5caab7.exe

  • Size

    458KB

  • MD5

    e3c3769131fe40692aa2776633c31867

  • SHA1

    3646cd11a5aba28a8c9d84feb143e139f0701667

  • SHA256

    e2f735b15f830d65289c6e25c7161dad15ffbd18dae33fe554ac153d7d5caab7

  • SHA512

    2003693498b1e30890bc8de5b9e516f0cb9dec0a5b5d067b48f27eeacb831c4adceadc43a7594fa99b6855bf328ade4e83975c9160f09b9153cb5019d3e33396

Score
10/10
redlinenonamediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2f735b15f830d65289c6e25c7161dad15ffbd18dae33fe554ac153d7d5caab7.exe
    "C:\Users\Admin\AppData\Local\Temp\e2f735b15f830d65289c6e25c7161dad15ffbd18dae33fe554ac153d7d5caab7.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2568

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2568-115-0x00000000021C0000-0x00000000021EB000-memory.dmp
    Filesize

    172KB

    Download
  • memory/2568-116-0x00000000021F0000-0x0000000002229000-memory.dmp
    Filesize

    228KB

    Download
  • memory/2568-117-0x0000000000400000-0x000000000047A000-memory.dmp
    Filesize

    488KB

    Download
  • memory/2568-118-0x0000000002520000-0x0000000002554000-memory.dmp
    Filesize

    208KB

    Download
  • memory/2568-119-0x0000000004D70000-0x000000000526E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2568-120-0x00000000026F0000-0x0000000002722000-memory.dmp
    Filesize

    200KB

    Download
  • memory/2568-121-0x0000000004D60000-0x0000000004D61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2568-122-0x0000000004D62000-0x0000000004D63000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2568-123-0x0000000004D63000-0x0000000004D64000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2568-124-0x0000000005270000-0x0000000005876000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2568-125-0x0000000004C20000-0x0000000004C32000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2568-126-0x0000000004C50000-0x0000000004D5A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2568-127-0x00000000058C0000-0x00000000058FE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2568-128-0x0000000004D64000-0x0000000004D66000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2568-129-0x0000000005910000-0x000000000595B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2568-130-0x0000000000700000-0x0000000000776000-memory.dmp
    Filesize

    472KB

    Download
  • memory/2568-131-0x00000000007F0000-0x0000000000882000-memory.dmp
    Filesize

    584KB

    Download
  • memory/2568-132-0x00000000007C0000-0x00000000007DE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/2568-133-0x0000000005F90000-0x0000000005FF6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/2568-134-0x0000000006440000-0x0000000006602000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/2568-135-0x0000000006620000-0x0000000006B4C000-memory.dmp
    Filesize

    5.2MB

    Download