Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    24-05-2022 04:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21831558535de347468834198ecd50c02be0e057da440d3e0facb95093f05eb4.exe

  • Size

    405KB

  • MD5

    a0edd5bcc0677ccabfa1ae4b46a66fd8

  • SHA1

    142581abf1dfef51083819d239fef84babee2166

  • SHA256

    21831558535de347468834198ecd50c02be0e057da440d3e0facb95093f05eb4

  • SHA512

    a901222db81f78019e50e1044a4c9b1e0543b8064d06e09742605c47ccd9c2743170e397da2c6dbf5b7366c18477dd0d72bb28850f47b57840f7ba60489aab72

Score
10/10
redlinetest1infostealer

Malware Config

Extracted

Family

redline

Botnet

test1

C2

185.215.113.75:80

Attributes
  • auth_value

    7ab4a4e2eae9eb7ae10f64f68df53bb3

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21831558535de347468834198ecd50c02be0e057da440d3e0facb95093f05eb4.exe
    "C:\Users\Admin\AppData\Local\Temp\21831558535de347468834198ecd50c02be0e057da440d3e0facb95093f05eb4.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2192-119-0x0000000002860000-0x0000000002890000-memory.dmp
    Filesize

    192KB

    Download
  • memory/2192-120-0x0000000000BD7000-0x0000000000C01000-memory.dmp
    Filesize

    168KB

    Download
  • memory/2192-122-0x0000000005280000-0x000000000577E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2192-121-0x0000000000AE0000-0x0000000000B17000-memory.dmp
    Filesize

    220KB

    Download
  • memory/2192-123-0x0000000000400000-0x000000000092E000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/2192-124-0x0000000002B60000-0x0000000002B8E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2192-125-0x0000000005780000-0x0000000005D86000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2192-126-0x0000000002D40000-0x0000000002D52000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2192-127-0x00000000050F0000-0x00000000051FA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2192-128-0x0000000005200000-0x000000000523E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2192-129-0x0000000005E90000-0x0000000005EDB000-memory.dmp
    Filesize

    300KB

    Download