Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    23-05-2022 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cbdefb34827c43cc79baf30ed9eee169794279d5f2a76b40682f3d9ad011c395.exe

  • Size

    378KB

  • MD5

    bdf77c674a5513cf2c6bb00d536f3ed1

  • SHA1

    34992d57e83a3ab463b94bb796b9d396c03fbfa3

  • SHA256

    cbdefb34827c43cc79baf30ed9eee169794279d5f2a76b40682f3d9ad011c395

  • SHA512

    2e20dbfe7d4c06c696012e4917f27d313caec0853b51f038a02eba11fbb102530f8e67c8f0e16e0a7c0b935e219961710a3909896c525133f4779ae96e69a7f8

Score
10/10
redlinetest1infostealer

Malware Config

Extracted

Family

redline

Botnet

test1

C2

185.215.113.75:80

Attributes
  • auth_value

    7ab4a4e2eae9eb7ae10f64f68df53bb3

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cbdefb34827c43cc79baf30ed9eee169794279d5f2a76b40682f3d9ad011c395.exe
    "C:\Users\Admin\AppData\Local\Temp\cbdefb34827c43cc79baf30ed9eee169794279d5f2a76b40682f3d9ad011c395.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4464-117-0x0000000000791000-0x00000000007BB000-memory.dmp
    Filesize

    168KB

    Download
  • memory/4464-119-0x0000000000400000-0x00000000004A3000-memory.dmp
    Filesize

    652KB

    Download
  • memory/4464-118-0x00000000004B0000-0x00000000005FA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/4464-120-0x0000000000750000-0x0000000000780000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4464-122-0x0000000002490000-0x00000000024BE000-memory.dmp
    Filesize

    184KB

    Download
  • memory/4464-121-0x0000000004D10000-0x000000000520E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/4464-124-0x0000000002580000-0x0000000002592000-memory.dmp
    Filesize

    72KB

    Download
  • memory/4464-123-0x0000000005210000-0x0000000005816000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/4464-125-0x0000000004BA0000-0x0000000004CAA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/4464-126-0x00000000025B0000-0x00000000025EE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/4464-127-0x0000000004CB0000-0x0000000004CFB000-memory.dmp
    Filesize

    300KB

    Download