Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    161s
  • max time network
    160s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    29-01-2022 04:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f173997456369837ad9d4df6184b667391a011b72ce6c4d5a62d1d35d14f92d3.exe

  • Size

    458KB

  • MD5

    473ece4278d26f2140e9fba3f52e84bc

  • SHA1

    15787423dd1e76744aebf06a35f89315ae8665e9

  • SHA256

    f173997456369837ad9d4df6184b667391a011b72ce6c4d5a62d1d35d14f92d3

  • SHA512

    1fb8e64dd868bc306888e42e3882bb44bc6b30f317a685a3197e5b535c7f6d81a8a999ec56fa7f556bc47775b823b09a7736b2bd4f8c898f1cfb20851d2d9e7a

Score
10/10
redlineruzkikakoytoinfostealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f173997456369837ad9d4df6184b667391a011b72ce6c4d5a62d1d35d14f92d3.exe
    "C:\Users\Admin\AppData\Local\Temp\f173997456369837ad9d4df6184b667391a011b72ce6c4d5a62d1d35d14f92d3.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2600-116-0x00000000004F0000-0x000000000059E000-memory.dmp
    Filesize

    696KB

    Download
  • memory/2600-117-0x00000000004F0000-0x000000000059E000-memory.dmp
    Filesize

    696KB

    Download
  • memory/2600-118-0x0000000000400000-0x000000000047A000-memory.dmp
    Filesize

    488KB

    Download
  • memory/2600-119-0x0000000002420000-0x0000000002454000-memory.dmp
    Filesize

    208KB

    Download
  • memory/2600-120-0x00000000024B0000-0x0000000002690000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2600-121-0x00000000024B0000-0x0000000002690000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2600-122-0x0000000004C50000-0x000000000514E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2600-123-0x00000000024B0000-0x0000000002690000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2600-124-0x00000000025C0000-0x00000000025F2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/2600-125-0x0000000005150000-0x0000000005756000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2600-126-0x00000000027E0000-0x00000000027F2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2600-127-0x0000000005770000-0x000000000587A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2600-128-0x00000000058C0000-0x00000000058FE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2600-129-0x0000000005910000-0x000000000595B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2600-130-0x00000000024B0000-0x0000000002690000-memory.dmp
    Filesize

    1.9MB

    Download