Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    25-05-2022 12:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5013e735f183f57e9542fc90bd5bf2bd3f482b1b8e287d3072d7e3bb2320537.exe

  • Size

    380KB

  • MD5

    9e99f3937af836c5fddcb0b3b1934bd0

  • SHA1

    26436c3f699a1ae4f00cd56be1af211035833cb2

  • SHA256

    d5013e735f183f57e9542fc90bd5bf2bd3f482b1b8e287d3072d7e3bb2320537

  • SHA512

    7c29a9f915661d8d7ff7f09b6e03569a4fa74611ad72664c4db2f8e106600db7ff1a5dc2d134d8c2efef62b5e6093a43c47e18e9ba96822d934acb881e78836b

Score
10/10
redlinetest1infostealer

Malware Config

Extracted

Family

redline

Botnet

test1

C2

185.215.113.75:80

Attributes
  • auth_value

    7ab4a4e2eae9eb7ae10f64f68df53bb3

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5013e735f183f57e9542fc90bd5bf2bd3f482b1b8e287d3072d7e3bb2320537.exe
    "C:\Users\Admin\AppData\Local\Temp\d5013e735f183f57e9542fc90bd5bf2bd3f482b1b8e287d3072d7e3bb2320537.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3988-117-0x00000000006F1000-0x000000000071B000-memory.dmp
    Filesize

    168KB

    Download
  • memory/3988-118-0x0000000000540000-0x000000000068A000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/3988-119-0x0000000000400000-0x00000000004A4000-memory.dmp
    Filesize

    656KB

    Download
  • memory/3988-120-0x00000000023A0000-0x00000000023D0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/3988-121-0x0000000004C30000-0x000000000512E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3988-122-0x0000000002600000-0x000000000262E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/3988-123-0x0000000005130000-0x0000000005736000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/3988-124-0x0000000005740000-0x0000000005752000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3988-125-0x0000000005760000-0x000000000586A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3988-126-0x0000000005870000-0x00000000058AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/3988-127-0x0000000005900000-0x000000000594B000-memory.dmp
    Filesize

    300KB

    Download