Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-09-2022 13:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87534ce5b09d35bc815ddba1f4f5ab5ac9d82fd0138f815a5df9f0a61540204f.exe

  • Size

    362KB

  • MD5

    757382420c0926bdb7b3cff3b506da75

  • SHA1

    15da91cb7eee7d31c11beedc0da17e63c1c70dd5

  • SHA256

    87534ce5b09d35bc815ddba1f4f5ab5ac9d82fd0138f815a5df9f0a61540204f

  • SHA512

    0c95398e6c1ba59d3e0f02baee00ede71ac36d5aa9b782c0c6bb24328d3239bc423b44d1d3c702936dcff87a531b86784a9ec18ca3454defd458d35dc6eeefaf

  • SSDEEP

    6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Score
10/10
redline0002discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes
  • auth_value

    866ce0ed8cfe2be77fb43a4912677698

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87534ce5b09d35bc815ddba1f4f5ab5ac9d82fd0138f815a5df9f0a61540204f.exe
    "C:\Users\Admin\AppData\Local\Temp\87534ce5b09d35bc815ddba1f4f5ab5ac9d82fd0138f815a5df9f0a61540204f.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4776

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4776-120-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-121-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-122-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-123-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-124-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-125-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-126-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-127-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-128-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-129-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-130-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-131-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-132-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-133-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-134-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-135-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-136-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-137-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-138-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-139-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-140-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-141-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-142-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-143-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-144-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-145-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-146-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-147-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-148-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-149-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-150-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-151-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-152-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-153-0x0000000000D40000-0x0000000000DA0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/4776-154-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-155-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-156-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-157-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-158-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-159-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-160-0x0000000001740000-0x0000000001746000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4776-161-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-162-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-163-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-164-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-165-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-166-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-167-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-168-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-169-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-170-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-171-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-172-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-173-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-174-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-175-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-176-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-177-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-178-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-179-0x0000000005CC0000-0x00000000062C6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4776-180-0x00000000057C0000-0x00000000058CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4776-181-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-182-0x00000000056F0000-0x0000000005702000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4776-183-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-184-0x0000000005750000-0x000000000578E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4776-185-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-186-0x00000000058D0000-0x000000000591B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4776-187-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-188-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-189-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-190-0x0000000005BA0000-0x0000000005C32000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4776-191-0x0000000006CE0000-0x00000000071DE000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/4776-192-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-194-0x0000000005C40000-0x0000000005CA6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4776-202-0x0000000006860000-0x00000000068D6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4776-203-0x00000000068E0000-0x0000000006930000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4776-204-0x00000000071E0000-0x00000000073A2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4776-205-0x0000000008F60000-0x000000000948C000-memory.dmp

    Filesize

    5.2MB

    Download