Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20220718-en
  • resource tags

    arch:x64arch:x86image:win10-20220718-enlocale:en-usos:windows10-1703-x64system
  • submitted
    05-08-2022 07:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4b64dcf88672644d50fc8c61722b0aa2e1c997dea3e2de6636867ccfc2564a8d.exe

  • Size

    211KB

  • MD5

    baec9b40c3e4e67b18d3e65e2254d48c

  • SHA1

    cba8f35fa9db4e67d800211ff017a65243b4e074

  • SHA256

    4b64dcf88672644d50fc8c61722b0aa2e1c997dea3e2de6636867ccfc2564a8d

  • SHA512

    8c0addad974a25e19041f6f1f692b9cfd16e731e04f7c0a088c6fa18e8837c79574f11e203192f717df6aa22e53b1f0366b01329ad6ac7815656f193be3b4936

Score
10/10
redlineaf2discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

AF2

C2

stcontact.top:80

Attributes
  • auth_value

    4d729a2faecb406a0eb1d6fcf30432fa

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b64dcf88672644d50fc8c61722b0aa2e1c997dea3e2de6636867ccfc2564a8d.exe
    "C:\Users\Admin\AppData\Local\Temp\4b64dcf88672644d50fc8c61722b0aa2e1c997dea3e2de6636867ccfc2564a8d.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2212
  • C:\Users\Admin\AppData\Local\Temp\7C35.exe
    C:\Users\Admin\AppData\Local\Temp\7C35.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:3320

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7C35.exe
    Filesize

    314KB

    MD5

    d950886d34c90b4dc56940f81c173673

    SHA1

    ce9bebd70e093127b66a27ee7eb8362e1e4c084d

    SHA256

    0a0357b12286be5331dcc812e1e8b2062b81aad1fa69543fa2d6a02c50fffb21

    SHA512

    ac76630f6a4c6f35537c8488e4fbe35fd57eacf8ef18de63a2c75b59ed8613e444170705455d15459d843ac8d870f60f4185b552a4d76579b624ce924f57675a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7C35.exe
    Filesize

    314KB

    MD5

    d950886d34c90b4dc56940f81c173673

    SHA1

    ce9bebd70e093127b66a27ee7eb8362e1e4c084d

    SHA256

    0a0357b12286be5331dcc812e1e8b2062b81aad1fa69543fa2d6a02c50fffb21

    SHA512

    ac76630f6a4c6f35537c8488e4fbe35fd57eacf8ef18de63a2c75b59ed8613e444170705455d15459d843ac8d870f60f4185b552a4d76579b624ce924f57675a

    Download Submit
  • memory/2212-117-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-118-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-119-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-120-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-121-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-122-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-123-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-124-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-125-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-126-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-127-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-128-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-129-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-130-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-131-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-132-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-133-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-134-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-135-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-136-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-137-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-138-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-139-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-141-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-140-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-143-0x0000000002756000-0x0000000002766000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2212-144-0x0000000002620000-0x0000000002629000-memory.dmp
    Filesize

    36KB

    Download
  • memory/2212-145-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-142-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-146-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-147-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-149-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-150-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-151-0x0000000000400000-0x00000000024BB000-memory.dmp
    Filesize

    32.7MB

    Download
  • memory/2212-148-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2212-152-0x0000000000400000-0x00000000024BB000-memory.dmp
    Filesize

    32.7MB

    Download
  • memory/3320-155-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-156-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-153-0x0000000000000000-mapping.dmp
    Download
  • memory/3320-157-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-160-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-164-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-165-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-166-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-167-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-168-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-170-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-169-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-163-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-161-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-159-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-158-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-171-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-176-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-177-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-175-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-179-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-180-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-178-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-174-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-173-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-172-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-181-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-182-0x0000000002746000-0x0000000002771000-memory.dmp
    Filesize

    172KB

    Download
  • memory/3320-183-0x00000000040D0000-0x0000000004108000-memory.dmp
    Filesize

    224KB

    Download
  • memory/3320-184-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-185-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-188-0x0000000000400000-0x00000000024D4000-memory.dmp
    Filesize

    32.8MB

    Download
  • memory/3320-187-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-186-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-189-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-190-0x0000000076F40000-0x00000000770CE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3320-198-0x00000000044F0000-0x0000000004520000-memory.dmp
    Filesize

    192KB

    Download
  • memory/3320-203-0x0000000006D70000-0x000000000726E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3320-205-0x0000000004690000-0x00000000046C0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/3320-216-0x0000000007880000-0x0000000007E86000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/3320-217-0x0000000006C50000-0x0000000006C62000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3320-218-0x0000000007270000-0x000000000737A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3320-221-0x0000000006CC0000-0x0000000006CFE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/3320-229-0x0000000006D10000-0x0000000006D5B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/3320-253-0x00000000086C0000-0x0000000008736000-memory.dmp
    Filesize

    472KB

    Download
  • memory/3320-254-0x0000000008740000-0x00000000087D2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/3320-257-0x0000000008960000-0x000000000897E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/3320-258-0x00000000089E0000-0x0000000008A46000-memory.dmp
    Filesize

    408KB

    Download
  • memory/3320-266-0x0000000008D10000-0x0000000008D60000-memory.dmp
    Filesize

    320KB

    Download
  • memory/3320-267-0x0000000008ED0000-0x0000000009092000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3320-268-0x00000000090B0000-0x00000000095DC000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/3320-271-0x0000000002746000-0x0000000002771000-memory.dmp
    Filesize

    172KB

    Download
  • memory/3320-272-0x0000000000400000-0x00000000024D4000-memory.dmp
    Filesize

    32.8MB

    Download
  • memory/3320-277-0x0000000002746000-0x0000000002771000-memory.dmp
    Filesize

    172KB

    Download
  • memory/3320-278-0x0000000000400000-0x00000000024D4000-memory.dmp
    Filesize

    32.8MB

    Download