Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    132s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    23-05-2022 19:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    daaec082894c97714742fbb2ce1946d5b61ffbdbce24607cc94d3e7a29039760.exe

  • Size

    378KB

  • MD5

    4cc700c2322a610a9681131cd3f105a4

  • SHA1

    6c67c9b66c5e8c857def098985cf63b95f1b8490

  • SHA256

    daaec082894c97714742fbb2ce1946d5b61ffbdbce24607cc94d3e7a29039760

  • SHA512

    7d888b9ffc2a1b7aec29b67750c16bf2672adde96cfcd8e852ebace2c08bb34ffda73a6edca124ab0ae1f661eb4d05c5c86fea37d2f83e5f00d4e49e3b628b81

Score
10/10
redlinetest1infostealer

Malware Config

Extracted

Family

redline

Botnet

test1

C2

185.215.113.75:80

Attributes
  • auth_value

    7ab4a4e2eae9eb7ae10f64f68df53bb3

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\daaec082894c97714742fbb2ce1946d5b61ffbdbce24607cc94d3e7a29039760.exe
    "C:\Users\Admin\AppData\Local\Temp\daaec082894c97714742fbb2ce1946d5b61ffbdbce24607cc94d3e7a29039760.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1940-116-0x0000000000691000-0x00000000006BB000-memory.dmp
    Filesize

    168KB

    Download
  • memory/1940-118-0x0000000000400000-0x00000000004A3000-memory.dmp
    Filesize

    652KB

    Download
  • memory/1940-117-0x0000000000540000-0x000000000068A000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1940-119-0x0000000002570000-0x00000000025A0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/1940-120-0x0000000004D70000-0x000000000526E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/1940-121-0x0000000002710000-0x000000000273E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1940-123-0x00000000027C0000-0x00000000027D2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1940-124-0x0000000004C40000-0x0000000004D4A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1940-122-0x0000000005270000-0x0000000005876000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/1940-125-0x0000000005880000-0x00000000058BE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1940-126-0x0000000005900000-0x000000000594B000-memory.dmp
    Filesize

    300KB

    Download