Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    52s
  • max time network
    64s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-09-2022 02:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    13077bc05aebb03927599eec518ff8d168f9461ff878fbf10b652599c3e1d8d1.exe

  • Size

    361KB

  • MD5

    4cfceba52df9dbf781a70e7ca63d6bb3

  • SHA1

    82d60c5b2c4b36f82bf4d8e2133b91ec2e2b1143

  • SHA256

    13077bc05aebb03927599eec518ff8d168f9461ff878fbf10b652599c3e1d8d1

  • SHA512

    cdcbc8c9a04bd6d85da83ee966101dfc254c631c0f4a6b4ca5c7cb241f1eae476ae32544733c6102d5c2d67a2ff0cfc9dbacf8fa226238a138553c4b44e63878

  • SSDEEP

    6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Score
10/10
redline0002discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes
  • auth_value

    866ce0ed8cfe2be77fb43a4912677698

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\13077bc05aebb03927599eec518ff8d168f9461ff878fbf10b652599c3e1d8d1.exe
    "C:\Users\Admin\AppData\Local\Temp\13077bc05aebb03927599eec518ff8d168f9461ff878fbf10b652599c3e1d8d1.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2740

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2740-116-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-117-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-118-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-120-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-119-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-121-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-122-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-123-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-124-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-125-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-126-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-127-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-128-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-129-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-130-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-131-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-133-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-134-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-132-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-135-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-136-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-137-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-138-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-139-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-140-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-142-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-143-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-144-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-141-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-145-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-146-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-147-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-148-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-149-0x0000000000ED0000-0x0000000000F30000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2740-150-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-151-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-152-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-153-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-154-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-155-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-156-0x0000000003210000-0x0000000003216000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2740-157-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-158-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-159-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-161-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-160-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-162-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-163-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-164-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-165-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-166-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-167-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-168-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-169-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-170-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-171-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-172-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-174-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-173-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-175-0x000000000B410000-0x000000000BA16000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2740-176-0x000000000AF70000-0x000000000B07A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2740-177-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-178-0x000000000AEA0000-0x000000000AEB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2740-179-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-180-0x000000000AF00000-0x000000000AF3E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2740-181-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-182-0x000000000B080000-0x000000000B0CB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2740-183-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-184-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-185-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-186-0x000000000BF20000-0x000000000C41E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/2740-187-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2740-188-0x000000000B330000-0x000000000B396000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2740-196-0x000000000BE20000-0x000000000BEB2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2740-198-0x000000000C420000-0x000000000C496000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2740-199-0x000000000BEC0000-0x000000000BF10000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2740-200-0x000000000C800000-0x000000000C9C2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2740-201-0x000000000CF00000-0x000000000D42C000-memory.dmp

    Filesize

    5.2MB

    Download