Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    139s
  • max time network
    174s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    29-01-2022 04:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5d53ee727c9e0c28f38a7c2ac429c5162d714d2f7b9c1b385f8a3b7f690519b.exe

  • Size

    457KB

  • MD5

    78d229b0e01e94ba3939195775cb2424

  • SHA1

    a76d8970224973e7d42b8ea2fc161f5c1b896aaf

  • SHA256

    b5d53ee727c9e0c28f38a7c2ac429c5162d714d2f7b9c1b385f8a3b7f690519b

  • SHA512

    f4f9d0f160f13058e8e1a14df56d2de91d9324012d1d060052022f94ca1ed120693f7c2c273aeda9ac1388a3acbd0cf1b39ddbfe14fe6a93543dfc8172623bd0

Score
10/10
redlineruzkikakoytoinfostealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5d53ee727c9e0c28f38a7c2ac429c5162d714d2f7b9c1b385f8a3b7f690519b.exe
    "C:\Users\Admin\AppData\Local\Temp\b5d53ee727c9e0c28f38a7c2ac429c5162d714d2f7b9c1b385f8a3b7f690519b.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2308-115-0x0000000002190000-0x00000000021BB000-memory.dmp
    Filesize

    172KB

    Download
  • memory/2308-116-0x00000000021C0000-0x00000000021F9000-memory.dmp
    Filesize

    228KB

    Download
  • memory/2308-117-0x0000000000400000-0x000000000047A000-memory.dmp
    Filesize

    488KB

    Download
  • memory/2308-118-0x0000000004C80000-0x0000000004C81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2308-119-0x00000000022D0000-0x0000000002304000-memory.dmp
    Filesize

    208KB

    Download
  • memory/2308-120-0x0000000004C82000-0x0000000004C83000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2308-121-0x0000000004C83000-0x0000000004C84000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2308-122-0x0000000004C90000-0x000000000518E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2308-123-0x0000000002410000-0x0000000002442000-memory.dmp
    Filesize

    200KB

    Download
  • memory/2308-124-0x0000000005190000-0x0000000005796000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2308-125-0x0000000004C20000-0x0000000004C32000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2308-126-0x00000000057A0000-0x00000000058AA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2308-127-0x0000000004C84000-0x0000000004C86000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2308-128-0x00000000058C0000-0x00000000058FE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2308-129-0x0000000005910000-0x000000000595B000-memory.dmp
    Filesize

    300KB

    Download