Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    54s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    18-06-2022 17:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9624dcd0be8ae624f512d55992458df3818ec94511aca023e570113d658277ff.exe

  • Size

    422KB

  • MD5

    5bcb34aa1485f6aa87021ba8e12fd9a3

  • SHA1

    0d4cf51c604f8b95ad3bfc6ab95510f9e019ebbe

  • SHA256

    9624dcd0be8ae624f512d55992458df3818ec94511aca023e570113d658277ff

  • SHA512

    affd94a2860e71063056665c086c5218281f6ae37b623563b8ccf00728589628038be2874195bcf74efc593b51f1c5449861a99fdac317634f8b01235a4209d9

Score
10/10
redlinemetadiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

META

C2

193.106.191.245:23196

Attributes
  • auth_value

    2ea67e19fe494687c77a179004b4a1c8

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9624dcd0be8ae624f512d55992458df3818ec94511aca023e570113d658277ff.exe
    "C:\Users\Admin\AppData\Local\Temp\9624dcd0be8ae624f512d55992458df3818ec94511aca023e570113d658277ff.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1308

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1308-119-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-120-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-121-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-122-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-123-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-124-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-125-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-126-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-127-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-128-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-129-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-130-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-131-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-132-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-133-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-134-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-135-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-136-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-138-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-137-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-139-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-140-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-141-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-143-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-144-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-145-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-146-0x0000000002CE0000-0x0000000002D8E000-memory.dmp
    Filesize

    696KB

    Download
  • memory/1308-147-0x00000000049A0000-0x00000000049D7000-memory.dmp
    Filesize

    220KB

    Download
  • memory/1308-148-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-149-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-150-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-151-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-152-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-153-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-154-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-155-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-156-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-157-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-158-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-159-0x0000000000400000-0x0000000002C88000-memory.dmp
    Filesize

    40.5MB

    Download
  • memory/1308-160-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-161-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-162-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-163-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-164-0x0000000004C60000-0x0000000004C90000-memory.dmp
    Filesize

    192KB

    Download
  • memory/1308-165-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-166-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-167-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-168-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-169-0x00000000073C0000-0x00000000078BE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/1308-170-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-171-0x0000000007310000-0x000000000733E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1308-172-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-173-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-174-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-175-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-176-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-177-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-178-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-179-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-180-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-181-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-182-0x00000000078C0000-0x0000000007EC6000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/1308-183-0x0000000007F20000-0x0000000007F32000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1308-184-0x0000000007F50000-0x000000000805A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1308-185-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-186-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-187-0x0000000008080000-0x00000000080BE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1308-188-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-189-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-190-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-191-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-192-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-193-0x00000000771D0000-0x000000007735E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1308-195-0x00000000080F0000-0x000000000813B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/1308-199-0x0000000008390000-0x0000000008406000-memory.dmp
    Filesize

    472KB

    Download
  • memory/1308-200-0x0000000008410000-0x00000000084A2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1308-203-0x00000000085F0000-0x000000000860E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/1308-205-0x00000000086A0000-0x0000000008706000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1308-213-0x0000000008D90000-0x0000000008F52000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/1308-214-0x0000000008F70000-0x000000000949C000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/1308-217-0x0000000002CE0000-0x0000000002D8E000-memory.dmp
    Filesize

    696KB

    Download
  • memory/1308-218-0x00000000049A0000-0x00000000049D7000-memory.dmp
    Filesize

    220KB

    Download
  • memory/1308-223-0x0000000002CE0000-0x0000000002D8E000-memory.dmp
    Filesize

    696KB

    Download
  • memory/1308-224-0x0000000000400000-0x0000000002C88000-memory.dmp
    Filesize

    40.5MB

    Download