Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    130s
  • max time network
    132s
  • platform
    windows10_x64
  • resource
    win10-20220310-en
  • submitted
    14-04-2022 01:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    962920d5d3d6697446fad5749701c10dcc41f85b9dd13b43ad8e72882b8c9010.exe

  • Size

    367KB

  • MD5

    75f32610bccd154833d83b4f6b9f8d0c

  • SHA1

    84591fe1a988dc2b083d076e03e9d444c44a515e

  • SHA256

    962920d5d3d6697446fad5749701c10dcc41f85b9dd13b43ad8e72882b8c9010

  • SHA512

    bf3c24659d5a502a9c341dc276cb4fd09db91125d57f96020435d613de9f948ce76bbb3906f8c45c9c73d8716f80a53831d44abeb371135b5c2f2141aba9ae8e

Score
10/10
metastealerredline50discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

50

C2

193.106.191.153:23196

Attributes
  • auth_value

    8735fcb130c82dd9d353478678d60bde

Signatures

  • Meta Stealer Stealer

    Meta Stealer steals passwords stored in browsers, written in C++.

    stealermetastealer
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\962920d5d3d6697446fad5749701c10dcc41f85b9dd13b43ad8e72882b8c9010.exe
    "C:\Users\Admin\AppData\Local\Temp\962920d5d3d6697446fad5749701c10dcc41f85b9dd13b43ad8e72882b8c9010.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2228

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2228-119-0x0000000000490000-0x000000000053E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/2228-120-0x00000000020D0000-0x0000000002107000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2228-121-0x0000000000400000-0x0000000000484000-memory.dmp

    Filesize

    528KB

    Download

  • memory/2228-122-0x00000000021E0000-0x0000000002210000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2228-123-0x0000000004B90000-0x000000000508E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/2228-124-0x0000000002590000-0x00000000025BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2228-125-0x00000000056A0000-0x0000000005CA6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2228-126-0x0000000002630000-0x0000000002642000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2228-127-0x0000000005090000-0x000000000519A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2228-128-0x0000000004B84000-0x0000000004B86000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2228-129-0x0000000004B10000-0x0000000004B4E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2228-130-0x00000000051A0000-0x00000000051EB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2228-131-0x0000000005440000-0x00000000054B6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2228-132-0x0000000005530000-0x00000000055C2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2228-133-0x0000000005410000-0x000000000542E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2228-134-0x0000000005610000-0x0000000005676000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2228-135-0x0000000007030000-0x00000000071F2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2228-136-0x0000000007200000-0x000000000772C000-memory.dmp

    Filesize

    5.2MB

    Download