Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    25-05-2022 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6ca1a3e3a0088c5b44ad94dcdc9400870f469e29abbb3428bb99425b82bfa19.exe

  • Size

    379KB

  • MD5

    d1b3425d48340279588608d92ca2722b

  • SHA1

    bbed613200e5c34785bd32aa3b6d8fa6f0c5c1bf

  • SHA256

    d6ca1a3e3a0088c5b44ad94dcdc9400870f469e29abbb3428bb99425b82bfa19

  • SHA512

    7464be8f4e30db696fd1902c5452f7c729ac24979a1a690053dfbbed513d9f4d406a172bfe77d28421c354653c25f986bfdfdf532db0cf1a87a951a596f88772

Score
10/10
redlinetest1infostealer

Malware Config

Extracted

Family

redline

Botnet

test1

C2

185.215.113.75:80

Attributes
  • auth_value

    7ab4a4e2eae9eb7ae10f64f68df53bb3

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6ca1a3e3a0088c5b44ad94dcdc9400870f469e29abbb3428bb99425b82bfa19.exe
    "C:\Users\Admin\AppData\Local\Temp\d6ca1a3e3a0088c5b44ad94dcdc9400870f469e29abbb3428bb99425b82bfa19.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4020-115-0x0000000002260000-0x0000000002290000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4020-116-0x0000000004BF0000-0x00000000050EE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/4020-117-0x00000000004B0000-0x00000000005FA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/4020-118-0x00000000004B0000-0x000000000055E000-memory.dmp
    Filesize

    696KB

    Download
  • memory/4020-120-0x0000000002440000-0x000000000246E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/4020-119-0x0000000000400000-0x00000000004A4000-memory.dmp
    Filesize

    656KB

    Download
  • memory/4020-121-0x00000000050F0000-0x00000000056F6000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/4020-122-0x0000000005740000-0x0000000005752000-memory.dmp
    Filesize

    72KB

    Download
  • memory/4020-123-0x0000000005760000-0x000000000586A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/4020-124-0x0000000005870000-0x00000000058AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/4020-125-0x0000000005900000-0x000000000594B000-memory.dmp
    Filesize

    300KB

    Download