Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    53s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10-20220331-en
  • submitted
    14-04-2022 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e75abd3b39550469ceac4f4736c48c3385aa776a3b5debbbd87a7dfa7ab7780d.exe

  • Size

    367KB

  • MD5

    6b2ea627db76f7bcaf9a64bbe560e120

  • SHA1

    b587308d91215ec719a5f83235abd2281d88b774

  • SHA256

    e75abd3b39550469ceac4f4736c48c3385aa776a3b5debbbd87a7dfa7ab7780d

  • SHA512

    879d7ab3c57952e1c6c4e9d2404067b41decc21e2815e9294c371f3bd88e10503aebcd82e4121214ff10bbd79a2e4c9e5ae64d86eb850a7c38db420eeaf3ce8c

Score
10/10
metastealerredline50discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

50

C2

193.106.191.153:23196

Attributes
  • auth_value

    8735fcb130c82dd9d353478678d60bde

Signatures

  • Meta Stealer Stealer

    Meta Stealer steals passwords stored in browsers, written in C++.

    stealermetastealer
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e75abd3b39550469ceac4f4736c48c3385aa776a3b5debbbd87a7dfa7ab7780d.exe
    "C:\Users\Admin\AppData\Local\Temp\e75abd3b39550469ceac4f4736c48c3385aa776a3b5debbbd87a7dfa7ab7780d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2396

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2396-116-0x00000000007E1000-0x000000000080B000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2396-117-0x00000000007E1000-0x000000000080B000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2396-118-0x00000000005E0000-0x0000000000617000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2396-119-0x0000000000400000-0x0000000000484000-memory.dmp

    Filesize

    528KB

    Download

  • memory/2396-120-0x0000000002240000-0x0000000002270000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2396-121-0x0000000004D00000-0x00000000051FE000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/2396-122-0x0000000002510000-0x000000000253E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2396-123-0x0000000005200000-0x0000000005806000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2396-124-0x0000000004C00000-0x0000000004C12000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2396-125-0x0000000005810000-0x000000000591A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2396-126-0x0000000004C50000-0x0000000004C8E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2396-127-0x0000000004CF4000-0x0000000004CF6000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2396-128-0x0000000005A20000-0x0000000005A6B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2396-129-0x0000000005B90000-0x0000000005C06000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2396-130-0x0000000005C80000-0x0000000005D12000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2396-131-0x0000000005B60000-0x0000000005B7E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2396-132-0x0000000005E70000-0x0000000005ED6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2396-133-0x0000000007270000-0x0000000007432000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2396-134-0x0000000007450000-0x000000000797C000-memory.dmp

    Filesize

    5.2MB

    Download