Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    143s
  • max time network
    164s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    29-01-2022 12:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18b87f1a6dad3d5150c03341000c697e1205dd63ecd1da35768bb1a9042b920a.exe

  • Size

    457KB

  • MD5

    a110444ba5cf8a1a9375c61eba60aaff

  • SHA1

    ab0ece34ee1f4602d9909384842c6b7b488eb869

  • SHA256

    18b87f1a6dad3d5150c03341000c697e1205dd63ecd1da35768bb1a9042b920a

  • SHA512

    b9a9f22a1186e93870e76e85187f908f33f73901a5200c4ea096946b54d722cac852a69fff737dd32c5bbe4b9a86c5a716e586b65736b57f8a4452dad04b7b04

Score
10/10
redlinenonameinfostealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18b87f1a6dad3d5150c03341000c697e1205dd63ecd1da35768bb1a9042b920a.exe
    "C:\Users\Admin\AppData\Local\Temp\18b87f1a6dad3d5150c03341000c697e1205dd63ecd1da35768bb1a9042b920a.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3548-118-0x00000000005A0000-0x00000000006EA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/3548-119-0x00000000005A0000-0x00000000006EA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/3548-120-0x0000000000400000-0x000000000047A000-memory.dmp
    Filesize

    488KB

    Download
  • memory/3548-121-0x0000000002690000-0x0000000002691000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3548-122-0x0000000002180000-0x00000000021B4000-memory.dmp
    Filesize

    208KB

    Download
  • memory/3548-123-0x0000000004B30000-0x000000000502E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3548-124-0x0000000002692000-0x0000000002693000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3548-125-0x0000000002693000-0x0000000002694000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3548-126-0x00000000024B0000-0x00000000024E2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/3548-127-0x0000000005640000-0x0000000005C46000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/3548-128-0x00000000026A0000-0x00000000026B2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3548-129-0x0000000005030000-0x000000000513A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3548-130-0x0000000002610000-0x0000000002696000-memory.dmp
    Filesize

    536KB

    Download
  • memory/3548-131-0x0000000005170000-0x00000000051AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/3548-132-0x00000000051C0000-0x000000000520B000-memory.dmp
    Filesize

    300KB

    Download