Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    23-05-2022 14:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db6d6b20f75276255d77d0a2ea62c58934d0b5d1c8c093eac2e0e223d7365a13.exe

  • Size

    379KB

  • MD5

    df4d33c8d7cbbfae941a0ea06c936677

  • SHA1

    f4b113bfd6238e08ee61d233a50ee7770dfeb34a

  • SHA256

    db6d6b20f75276255d77d0a2ea62c58934d0b5d1c8c093eac2e0e223d7365a13

  • SHA512

    24673559cb0a7b4a6fc71e84b019187dbd4f73b6856b4f82daec2a16089aa5b0d7dc192011cd101574ed335e380582ed5dd6a586477ec675b6a67cb473720bde

Score
10/10
redlinetest1infostealer

Malware Config

Extracted

Family

redline

Botnet

test1

C2

185.215.113.75:80

Attributes
  • auth_value

    7ab4a4e2eae9eb7ae10f64f68df53bb3

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db6d6b20f75276255d77d0a2ea62c58934d0b5d1c8c093eac2e0e223d7365a13.exe
    "C:\Users\Admin\AppData\Local\Temp\db6d6b20f75276255d77d0a2ea62c58934d0b5d1c8c093eac2e0e223d7365a13.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1496-119-0x0000000000751000-0x000000000077B000-memory.dmp
    Filesize

    168KB

    Download
  • memory/1496-120-0x00000000004B0000-0x00000000005FA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1496-121-0x0000000000400000-0x00000000004A4000-memory.dmp
    Filesize

    656KB

    Download
  • memory/1496-122-0x0000000002230000-0x0000000002260000-memory.dmp
    Filesize

    192KB

    Download
  • memory/1496-124-0x00000000023C0000-0x00000000023EE000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1496-123-0x0000000004E00000-0x00000000052FE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/1496-125-0x0000000005300000-0x0000000005906000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/1496-126-0x00000000025A0000-0x00000000025B2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1496-127-0x0000000005910000-0x0000000005A1A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1496-128-0x00000000026F0000-0x000000000272E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1496-129-0x0000000002880000-0x00000000028CB000-memory.dmp
    Filesize

    300KB

    Download