Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    140s
  • max time network
    156s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    29-01-2022 05:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e98b53b42262de44b263e2620f8e08028692877251766e44b9f1127a35b4685f.exe

  • Size

    458KB

  • MD5

    221385ea066e800055c7f7e3260a40ff

  • SHA1

    92523ed4a03dbae71a18bf9dfb551a9aea0edd3d

  • SHA256

    e98b53b42262de44b263e2620f8e08028692877251766e44b9f1127a35b4685f

  • SHA512

    6341702a1ccc629c7d8576d84a578c43543d0cbc7311a7e719bea0003c8aa4dd65d6e987cd13365f892cea85ff2df1885efe6de24d9477647e9db525da2a39ed

Score
10/10
redlineruzkikakoytoinfostealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e98b53b42262de44b263e2620f8e08028692877251766e44b9f1127a35b4685f.exe
    "C:\Users\Admin\AppData\Local\Temp\e98b53b42262de44b263e2620f8e08028692877251766e44b9f1127a35b4685f.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2224-115-0x0000000000480000-0x000000000052E000-memory.dmp
    Filesize

    696KB

    Download
  • memory/2224-116-0x0000000000480000-0x000000000052E000-memory.dmp
    Filesize

    696KB

    Download
  • memory/2224-117-0x0000000000400000-0x000000000047A000-memory.dmp
    Filesize

    488KB

    Download
  • memory/2224-118-0x0000000002310000-0x0000000002344000-memory.dmp
    Filesize

    208KB

    Download
  • memory/2224-120-0x0000000004CE2000-0x0000000004CE3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2224-119-0x0000000004CE0000-0x0000000004CE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2224-121-0x0000000004CE3000-0x0000000004CE4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2224-122-0x0000000004CF0000-0x00000000051EE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2224-123-0x0000000002470000-0x00000000024A2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/2224-124-0x0000000005800000-0x0000000005E06000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2224-125-0x0000000002680000-0x0000000002692000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2224-126-0x0000000004B50000-0x0000000004C5A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2224-127-0x0000000004C60000-0x0000000004C9E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2224-128-0x0000000004CE4000-0x0000000004CE6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2224-129-0x00000000051F0000-0x000000000523B000-memory.dmp
    Filesize

    300KB

    Download