Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    138s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    29-01-2022 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8978ac77fcf0acbcfd44eef20ffad25b3a168fedc926f6f729060ae33c0bccdb.exe

  • Size

    457KB

  • MD5

    26be3c0c5533ffdfd776e8798d9f624b

  • SHA1

    b7015b77ac7580e7589fe09807730993f049bab7

  • SHA256

    8978ac77fcf0acbcfd44eef20ffad25b3a168fedc926f6f729060ae33c0bccdb

  • SHA512

    b6b4d121944a0f721bb5a83892020c190263f2b9222fc1151db5279922b646289d6a664500d662328af368ffcdcc3f01ce443f7d23cc9dfbbc72dc511090b59a

Score
10/10
redlinenonameinfostealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8978ac77fcf0acbcfd44eef20ffad25b3a168fedc926f6f729060ae33c0bccdb.exe
    "C:\Users\Admin\AppData\Local\Temp\8978ac77fcf0acbcfd44eef20ffad25b3a168fedc926f6f729060ae33c0bccdb.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2736-118-0x0000000000480000-0x00000000005CA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/2736-119-0x00000000005F0000-0x0000000000629000-memory.dmp
    Filesize

    228KB

    Download
  • memory/2736-120-0x0000000000400000-0x000000000047A000-memory.dmp
    Filesize

    488KB

    Download
  • memory/2736-121-0x0000000002320000-0x0000000002354000-memory.dmp
    Filesize

    208KB

    Download
  • memory/2736-122-0x0000000004C90000-0x000000000518E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2736-123-0x00000000024C0000-0x00000000024F2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/2736-124-0x0000000002230000-0x0000000002240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2736-125-0x0000000002230000-0x0000000002240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2736-126-0x0000000002230000-0x0000000002240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2736-127-0x0000000005190000-0x0000000005796000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2736-128-0x00000000027E0000-0x00000000027F2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2736-129-0x00000000057A0000-0x00000000058AA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2736-130-0x00000000058C0000-0x00000000058FE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2736-131-0x0000000002230000-0x0000000002240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2736-132-0x0000000005910000-0x000000000595B000-memory.dmp
    Filesize

    300KB

    Download