Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    167s
  • max time network
    177s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    30-01-2022 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    564722cb4d9b0a99dea3c9fca0fd2fa31e88404f306d2c94e2fb60c91e856f1a.exe

  • Size

    399KB

  • MD5

    076fdc91cb1d050c18d59db078ce1831

  • SHA1

    ae8c9b087a3eb80b16964305d071dde85e928c7c

  • SHA256

    564722cb4d9b0a99dea3c9fca0fd2fa31e88404f306d2c94e2fb60c91e856f1a

  • SHA512

    75800cdc3b8ae9ea7a55ad99c7c0da99cd7aaab659e2d860adee3323731f02dcfdc9fed2e71e2ff04f54319257ff8539e01a38927538ec8ba03d64933ace4c9d

Score
10/10
redlinenonameinfostealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\564722cb4d9b0a99dea3c9fca0fd2fa31e88404f306d2c94e2fb60c91e856f1a.exe
    "C:\Users\Admin\AppData\Local\Temp\564722cb4d9b0a99dea3c9fca0fd2fa31e88404f306d2c94e2fb60c91e856f1a.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1524-118-0x00000000007B0000-0x00000000007DB000-memory.dmp
    Filesize

    172KB

    Download
  • memory/1524-119-0x00000000020C0000-0x00000000020F9000-memory.dmp
    Filesize

    228KB

    Download
  • memory/1524-120-0x0000000000400000-0x000000000046B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1524-121-0x0000000002480000-0x00000000024B4000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1524-122-0x0000000004CE0000-0x00000000051DE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/1524-124-0x0000000004CD2000-0x0000000004CD3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1524-123-0x0000000004CD0000-0x0000000004CD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1524-126-0x0000000004B20000-0x0000000004B52000-memory.dmp
    Filesize

    200KB

    Download
  • memory/1524-125-0x0000000004CD3000-0x0000000004CD4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1524-127-0x00000000051E0000-0x00000000057E6000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/1524-128-0x0000000004C10000-0x0000000004C22000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1524-129-0x00000000057F0000-0x00000000058FA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1524-130-0x0000000004CD4000-0x0000000004CD6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1524-131-0x0000000004C80000-0x0000000004CBE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1524-132-0x0000000005900000-0x000000000594B000-memory.dmp
    Filesize

    300KB

    Download