Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    51s
  • max time network
    60s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    17-06-2022 03:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7c7c14e91ea06e44e234d9e5d255b0e1986e497e14be8a073ce60135999fe7ca.exe

  • Size

    372KB

  • MD5

    37375fe79011a857efa7eaed80996324

  • SHA1

    73548ae85c28cc12cc99f65387e8c73ab722891a

  • SHA256

    7c7c14e91ea06e44e234d9e5d255b0e1986e497e14be8a073ce60135999fe7ca

  • SHA512

    78db4849a57b9c476ae83085aa37837269a693bef8c4300fcea76767a7fc2768e42fd9f68f361cdfae8a373ea1aaab6c52a6e1583ff9321b878135626f461f52

Score
10/10
redlinemetadiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

META

C2

193.106.191.245:23196

Attributes
  • auth_value

    2ea67e19fe494687c77a179004b4a1c8

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c7c14e91ea06e44e234d9e5d255b0e1986e497e14be8a073ce60135999fe7ca.exe
    "C:\Users\Admin\AppData\Local\Temp\7c7c14e91ea06e44e234d9e5d255b0e1986e497e14be8a073ce60135999fe7ca.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3768

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3768-117-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-118-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-119-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-120-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-121-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-122-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-123-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-124-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-125-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-126-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-127-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-128-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-129-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-130-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-131-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-132-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-133-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-134-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-135-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-136-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-137-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-138-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-139-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-140-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-141-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-142-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-143-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-144-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-145-0x00000000008BA000-0x00000000008E4000-memory.dmp
    Filesize

    168KB

    Download
  • memory/3768-146-0x00000000006F0000-0x000000000083A000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/3768-147-0x0000000000400000-0x0000000000679000-memory.dmp
    Filesize

    2.5MB

    Download
  • memory/3768-148-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-149-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-150-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-151-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-152-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-153-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-154-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-155-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-156-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-157-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-158-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-159-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-160-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-161-0x0000000002930000-0x0000000002960000-memory.dmp
    Filesize

    192KB

    Download
  • memory/3768-162-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-163-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-164-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-165-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-166-0x0000000004E30000-0x000000000532E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3768-167-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-168-0x00000000029C0000-0x00000000029EE000-memory.dmp
    Filesize

    184KB

    Download
  • memory/3768-169-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-170-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-171-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-172-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-173-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-174-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-175-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-176-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-177-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-178-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-179-0x0000000005940000-0x0000000005F46000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/3768-180-0x0000000002AB0000-0x0000000002AC2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3768-181-0x0000000005330000-0x000000000543A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3768-182-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-183-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-184-0x0000000005460000-0x000000000549E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/3768-185-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-186-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-187-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-188-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-189-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-190-0x0000000076F60000-0x00000000770EE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3768-192-0x00000000055D0000-0x000000000561B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/3768-196-0x00000000008BA000-0x00000000008E4000-memory.dmp
    Filesize

    168KB

    Download
  • memory/3768-197-0x00000000006F0000-0x000000000083A000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/3768-198-0x0000000000400000-0x0000000000679000-memory.dmp
    Filesize

    2.5MB

    Download
  • memory/3768-200-0x0000000005770000-0x00000000057D6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/3768-208-0x0000000006420000-0x0000000006496000-memory.dmp
    Filesize

    472KB

    Download
  • memory/3768-209-0x0000000006500000-0x0000000006592000-memory.dmp
    Filesize

    584KB

    Download
  • memory/3768-212-0x00000000065E0000-0x00000000065FE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/3768-213-0x0000000006910000-0x0000000006AD2000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3768-214-0x0000000006AE0000-0x000000000700C000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/3768-221-0x00000000008BA000-0x00000000008E4000-memory.dmp
    Filesize

    168KB

    Download
  • memory/3768-222-0x0000000000400000-0x0000000000679000-memory.dmp
    Filesize

    2.5MB

    Download