Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    12-02-2022 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d905d696672b71a96fd906da7e2d4b13d78a61752b0af0c02ec1d07fb954494.exe

  • Size

    384KB

  • MD5

    976059601c82f50f0a255aea800d411a

  • SHA1

    e9ef4e81bb89afb301a14b0505b0cca6b487649e

  • SHA256

    6d905d696672b71a96fd906da7e2d4b13d78a61752b0af0c02ec1d07fb954494

  • SHA512

    9e2a42bb7e4a9bd7ca63592798a99105fab112dcd424d77b03d441e51349359ae521e475ebd2ad5df48be662b9f4cc0bf58489ca147b86cb235b42a4821d9acf

Score
10/10
redlinenonamediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Attributes
  • auth_value

    ee92d883673b7156fdd66cac5fc8d2d0

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d905d696672b71a96fd906da7e2d4b13d78a61752b0af0c02ec1d07fb954494.exe
    "C:\Users\Admin\AppData\Local\Temp\6d905d696672b71a96fd906da7e2d4b13d78a61752b0af0c02ec1d07fb954494.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1208

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1208-114-0x0000000003AD0000-0x0000000003B04000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1208-115-0x0000000003660000-0x000000000368B000-memory.dmp
    Filesize

    172KB

    Download
  • memory/1208-116-0x0000000003690000-0x00000000036C9000-memory.dmp
    Filesize

    228KB

    Download
  • memory/1208-117-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/1208-118-0x000000007309E000-0x000000007309F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1208-119-0x0000000003790000-0x0000000003791000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1208-120-0x0000000003792000-0x0000000003793000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1208-121-0x0000000003793000-0x0000000003794000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1208-122-0x00000000061F0000-0x00000000066EE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/1208-123-0x0000000003C90000-0x0000000003CC2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/1208-124-0x00000000066F0000-0x0000000006CF6000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/1208-125-0x0000000003D90000-0x0000000003DA2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1208-126-0x0000000006D00000-0x0000000006E0A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1208-127-0x0000000003E00000-0x0000000003E3E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1208-128-0x0000000003E50000-0x0000000003E9B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/1208-129-0x0000000003794000-0x0000000003796000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1208-130-0x0000000007060000-0x00000000070C6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1208-131-0x0000000007600000-0x0000000007676000-memory.dmp
    Filesize

    472KB

    Download
  • memory/1208-132-0x00000000077F0000-0x0000000007882000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1208-133-0x00000000076C0000-0x00000000076DE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/1208-134-0x0000000007AE0000-0x0000000007CA2000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/1208-135-0x0000000007CB0000-0x00000000081DC000-memory.dmp
    Filesize

    5.2MB

    Download