Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    55s
  • max time network
    45s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    10-02-2022 10:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea6d62a189240369f269db2d7210cf37a727eef30cda7e091260ad6e81d555bc.exe

  • Size

    340KB

  • MD5

    6f93da45cd0ade7b46544a6a13a14946

  • SHA1

    e7a0399716c49117ba96835a23e6b7b9193b6b87

  • SHA256

    ea6d62a189240369f269db2d7210cf37a727eef30cda7e091260ad6e81d555bc

  • SHA512

    8098bf652c42b8a4524ba42d9cc2e4c76288b239510c9abf692fa0a8288f24edfa046fcbffc1e8246e1b377f4d56f89bb2f0f78f033a1110a10fb7c71662c309

Score
10/10
redlinenonamediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea6d62a189240369f269db2d7210cf37a727eef30cda7e091260ad6e81d555bc.exe
    "C:\Users\Admin\AppData\Local\Temp\ea6d62a189240369f269db2d7210cf37a727eef30cda7e091260ad6e81d555bc.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1732

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1732-115-0x0000000002D90000-0x0000000002DBB000-memory.dmp
    Filesize

    172KB

    Download
  • memory/1732-116-0x0000000004880000-0x00000000048B9000-memory.dmp
    Filesize

    228KB

    Download
  • memory/1732-117-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/1732-118-0x0000000073CCE000-0x0000000073CCF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1732-119-0x0000000007460000-0x0000000007461000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1732-120-0x0000000004BD0000-0x0000000004C04000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1732-121-0x0000000007470000-0x000000000796E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/1732-122-0x0000000004D80000-0x0000000004DB2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/1732-123-0x0000000007970000-0x0000000007F76000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/1732-124-0x0000000007462000-0x0000000007463000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1732-125-0x0000000007463000-0x0000000007464000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1732-126-0x00000000072A0000-0x00000000072B2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1732-127-0x00000000072D0000-0x00000000073DA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1732-128-0x0000000007420000-0x000000000745E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1732-129-0x0000000007464000-0x0000000007466000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1732-130-0x0000000007F90000-0x0000000007FDB000-memory.dmp
    Filesize

    300KB

    Download
  • memory/1732-131-0x0000000008230000-0x00000000082A6000-memory.dmp
    Filesize

    472KB

    Download
  • memory/1732-132-0x0000000008320000-0x00000000083B2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1732-133-0x00000000082F0000-0x000000000830E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/1732-134-0x0000000008520000-0x0000000008586000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1732-135-0x0000000008C40000-0x0000000008E02000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/1732-136-0x0000000008E20000-0x000000000934C000-memory.dmp
    Filesize

    5.2MB

    Download