Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    54s
  • max time network
    136s
  • platform
    windows10-1703_x64
  • resource
    win10-20220722-en
  • resource tags

    arch:x64arch:x86image:win10-20220722-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11-08-2022 06:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b5682a746639f19d78104dbbdc629fb71e079d29aee4a15daefea7ee1680f53.exe

  • Size

    352KB

  • MD5

    fe3ac4d0e8dfb654ddeeb224bddcaacf

  • SHA1

    12428273d83136894092244deaa7570c6df6b4a1

  • SHA256

    7b5682a746639f19d78104dbbdc629fb71e079d29aee4a15daefea7ee1680f53

  • SHA512

    d860b3e20f0a5b0ad1e8578b764f59439abfcde0f001649c218d7da779495f521a458a2e8420c3a4630eb6e5045255bece7fc9deb53ac87d9501be4d115e25b9

Score
10/10
redlineruzkidiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

ruzki

C2

193.106.191.165:39482

Attributes
  • auth_value

    71a0558c0eea274a5bd617ea85786884

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b5682a746639f19d78104dbbdc629fb71e079d29aee4a15daefea7ee1680f53.exe
    "C:\Users\Admin\AppData\Local\Temp\7b5682a746639f19d78104dbbdc629fb71e079d29aee4a15daefea7ee1680f53.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2532

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2532-127-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-128-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-129-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-130-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-131-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-132-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-133-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-134-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-135-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-136-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-137-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-138-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-139-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-140-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-141-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-142-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-143-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-144-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-145-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-146-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-147-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-148-0x0000000002806000-0x0000000002830000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2532-150-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-149-0x00000000024E0000-0x000000000262A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2532-151-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-152-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-153-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-154-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-155-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-156-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-157-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-158-0x0000000000400000-0x00000000024DD000-memory.dmp

    Filesize

    32.9MB

    Download

  • memory/2532-159-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-160-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-161-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-162-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-163-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-164-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-165-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-166-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-167-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-168-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-169-0x0000000004330000-0x0000000004362000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2532-170-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-171-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-172-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-173-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-174-0x0000000006C40000-0x000000000713E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/2532-175-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-176-0x00000000045F0000-0x0000000004620000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2532-177-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-178-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-179-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-180-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-181-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-182-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-183-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-184-0x0000000002806000-0x0000000002830000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2532-185-0x00000000024E0000-0x000000000262A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2532-186-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-187-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-188-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-189-0x0000000007140000-0x0000000007746000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2532-190-0x0000000006B80000-0x0000000006B92000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2532-191-0x0000000007750000-0x000000000785A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2532-192-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-193-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-195-0x0000000006BD0000-0x0000000006C0E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2532-194-0x0000000000400000-0x00000000024DD000-memory.dmp

    Filesize

    32.9MB

    Download

  • memory/2532-196-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-197-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-198-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-199-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-200-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-201-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-202-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-203-0x0000000007870000-0x00000000078BB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2532-204-0x0000000077220000-0x00000000773AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2532-207-0x0000000007B10000-0x0000000007B86000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2532-208-0x0000000007C00000-0x0000000007C92000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2532-211-0x0000000007AE0000-0x0000000007AFE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2532-213-0x0000000007E30000-0x0000000007E96000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2532-221-0x0000000008640000-0x0000000008802000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2532-222-0x0000000008820000-0x0000000008D4C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2532-229-0x0000000002806000-0x0000000002830000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2532-230-0x0000000000400000-0x00000000024DD000-memory.dmp

    Filesize

    32.9MB

    Download