Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    02-03-2022 19:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba7c122421ea694f82470b12b71146dc3be788d69e354891e78a9e40adab503b.exe

  • Size

    1.1MB

  • MD5

    f2639eddc30173c0ac72c29d27b18c53

  • SHA1

    43f19a7fdbadfee3072eef7efa396253ee2a251d

  • SHA256

    ba7c122421ea694f82470b12b71146dc3be788d69e354891e78a9e40adab503b

  • SHA512

    cb5acd9f3a229ee90d0328ecd23371c6be56f7958a34cf5ad3d2581bf9899e7ebe10f15191970bef9c9d520bc7f58b2c9e9edfee80777a531fb9975099538e2d

Score
10/10
redlinealltopdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

alltop

C2

deyneyab.xyz:80

Attributes
  • auth_value

    6fadc2b44b16945c8f721b77e484a725

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba7c122421ea694f82470b12b71146dc3be788d69e354891e78a9e40adab503b.exe
    "C:\Users\Admin\AppData\Local\Temp\ba7c122421ea694f82470b12b71146dc3be788d69e354891e78a9e40adab503b.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:220

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/220-130-0x0000000000A80000-0x0000000000BBA000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/220-131-0x0000000002660000-0x0000000002661000-memory.dmp

    Filesize

    4KB

    Download

  • memory/220-132-0x0000000000A80000-0x0000000000BBA000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/220-133-0x00000000026A0000-0x00000000026E6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/220-134-0x0000000000A82000-0x0000000000A9B000-memory.dmp

    Filesize

    100KB

    Download

  • memory/220-135-0x00000000768B0000-0x0000000076AC5000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/220-136-0x0000000000A82000-0x0000000000A9B000-memory.dmp

    Filesize

    100KB

    Download

  • memory/220-137-0x0000000002680000-0x0000000002681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/220-138-0x0000000000A80000-0x0000000000BBA000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/220-139-0x0000000073410000-0x0000000073499000-memory.dmp

    Filesize

    548KB

    Download

  • memory/220-140-0x000000007498E000-0x000000007498F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/220-141-0x0000000076C50000-0x0000000077203000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/220-142-0x0000000005740000-0x0000000005D58000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/220-143-0x0000000005150000-0x0000000005162000-memory.dmp

    Filesize

    72KB

    Download

  • memory/220-144-0x0000000005280000-0x000000000538A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/220-145-0x00000000051B0000-0x00000000051EC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/220-146-0x000000006EC20000-0x000000006EC6C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/220-147-0x0000000005130000-0x0000000005131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/220-148-0x0000000006370000-0x00000000063D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/220-149-0x0000000006580000-0x00000000065F6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/220-150-0x00000000066A0000-0x0000000006732000-memory.dmp

    Filesize

    584KB

    Download

  • memory/220-151-0x0000000006CF0000-0x0000000007294000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/220-152-0x00000000069A0000-0x00000000069BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/220-153-0x00000000072A0000-0x0000000007462000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/220-154-0x00000000079A0000-0x0000000007ECC000-memory.dmp

    Filesize

    5.2MB

    Download