Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/09/2022, 06:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dbbeaa246c94b8d2d410fb10e8de58bf34210c4c2102a5f77613c67153cc841e.exe

  • Size

    2.4MB

  • MD5

    c428ce3d43a1fdbadd8eacc8b72b42e5

  • SHA1

    bfe74fa0bfeff3ee9f0211f050f77f12bbc7bbb1

  • SHA256

    dbbeaa246c94b8d2d410fb10e8de58bf34210c4c2102a5f77613c67153cc841e

  • SHA512

    e3b2a9eb7372bdc218d4ea9b717ec228bd08b8c83df67d851beb830ff993e5a01dd04a689d14a4b07fd7b1edc828cce7c70dfa92fa08051cbb3986d17aa337b2

  • SSDEEP

    24576:lWaIgjWkZAY/Y1MWbB91Mr8l0rimDc50RV38lodVEFianILaDNl3RuQ553139:IkAzCPnVEFianIKl3X

Score
10/10
redlineinfostealer

Malware Config

Extracted

Family

redline

C2

152.89.219.248:19932

Attributes
  • auth_value

    243d546aabe04bf57a8c783938af0d9b

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbbeaa246c94b8d2d410fb10e8de58bf34210c4c2102a5f77613c67153cc841e.exe
    "C:\Users\Admin\AppData\Local\Temp\dbbeaa246c94b8d2d410fb10e8de58bf34210c4c2102a5f77613c67153cc841e.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3112
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:150844

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3112-138-0x0000000000400000-0x000000000055D000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3112-139-0x0000000000400000-0x000000000055D000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/150844-133-0x0000000000400000-0x000000000041C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/150844-140-0x0000000004F90000-0x00000000055A8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/150844-141-0x00000000049B0000-0x00000000049C2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/150844-142-0x0000000004AE0000-0x0000000004BEA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/150844-143-0x0000000004A10000-0x0000000004A4C000-memory.dmp

      Filesize

      240KB

      Download