Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    163s
  • max time network
    161s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    12-02-2022 02:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    837f00b506fd3e94fc963662f9c7c719bcebfb9b5ff2c0b91901e6a0c2300f9c.exe

  • Size

    384KB

  • MD5

    f5a59430f7041d4a6878f47058d711ca

  • SHA1

    17e0c29f7d579f0d5e8041f62ed011f818d23516

  • SHA256

    837f00b506fd3e94fc963662f9c7c719bcebfb9b5ff2c0b91901e6a0c2300f9c

  • SHA512

    68c7eb28acb4dd2df72b2c625ab24271093e2ef0fbd9a41b7af9d7efa8277eaf3779229f938a077706e4dd6c5bbd578e49f4179414b3c87e8c666406378bfeab

Score
10/10
redlineruzkikakoytoinfostealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes
  • auth_value

    44e87155dd7a4d1957a956ed040ff3fd

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\837f00b506fd3e94fc963662f9c7c719bcebfb9b5ff2c0b91901e6a0c2300f9c.exe
    "C:\Users\Admin\AppData\Local\Temp\837f00b506fd3e94fc963662f9c7c719bcebfb9b5ff2c0b91901e6a0c2300f9c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3352-115-0x0000000002D70000-0x0000000002D9B000-memory.dmp
    Filesize

    172KB

    Download
  • memory/3352-116-0x0000000002F00000-0x0000000002F39000-memory.dmp
    Filesize

    228KB

    Download
  • memory/3352-117-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/3352-118-0x0000000073EAE000-0x0000000073EAF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3352-119-0x00000000075D0000-0x00000000075D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3352-120-0x0000000004A30000-0x0000000004A64000-memory.dmp
    Filesize

    208KB

    Download
  • memory/3352-121-0x00000000075D2000-0x00000000075D3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3352-122-0x00000000075D3000-0x00000000075D4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3352-123-0x00000000076E0000-0x0000000007BDE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3352-124-0x0000000005040000-0x0000000005072000-memory.dmp
    Filesize

    200KB

    Download
  • memory/3352-125-0x0000000007BE0000-0x00000000081E6000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/3352-126-0x0000000007570000-0x0000000007582000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3352-127-0x00000000081F0000-0x00000000082FA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3352-128-0x00000000075D4000-0x00000000075D6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/3352-129-0x0000000008310000-0x000000000834E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/3352-130-0x0000000004C50000-0x0000000004C9B000-memory.dmp
    Filesize

    300KB

    Download