Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    141s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27-10-2022 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2af69ee37c0cbadbf319590b17ed78da9eab323066dfe01ca1b606a8f2552617.exe

  • Size

    387KB

  • MD5

    b6db895a3cf9d19fab24620b4daa8982

  • SHA1

    b58d8da796e84251af302644f1e6359f8fc03bdd

  • SHA256

    2af69ee37c0cbadbf319590b17ed78da9eab323066dfe01ca1b606a8f2552617

  • SHA512

    388ebbd253d17da71cdb9470eb4fadd4159350a1eb49cd52f65d67d2178fb1aa83fadea1bc587d33bff913f8d4fc58c3fb442919a0d50974dc299915fdfff03a

  • SSDEEP

    6144:+Wq5vZ/zc6hrjxtlES9QUJpZSHsAi4LF4mUj41+T/MZ5jq50:+Wq5Nc6hrjxtlE6lJp7d4LF4mrjj

Score
10/10
redlinedzkeydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

dzkey

C2

193.106.191.19:47242

Attributes
  • auth_value

    52a449fd61ad73c3abc266d47c699ceb

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2af69ee37c0cbadbf319590b17ed78da9eab323066dfe01ca1b606a8f2552617.exe
    "C:\Users\Admin\AppData\Local\Temp\2af69ee37c0cbadbf319590b17ed78da9eab323066dfe01ca1b606a8f2552617.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4208

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4208-116-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-117-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-118-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-119-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-120-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-121-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-123-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-122-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-124-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-125-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-126-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-127-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-128-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-129-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-131-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-132-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-133-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-134-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-135-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-137-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-136-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-138-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-139-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-140-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-141-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-142-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-143-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-144-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-145-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-146-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-147-0x0000000002C50000-0x0000000002CFE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/4208-148-0x00000000030A0000-0x00000000030F8000-memory.dmp

    Filesize

    352KB

    Download

  • memory/4208-149-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-150-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-151-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-152-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-153-0x0000000000400000-0x0000000002C4E000-memory.dmp

    Filesize

    40.3MB

    Download

  • memory/4208-154-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-155-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-156-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-157-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-158-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-159-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-160-0x0000000007220000-0x000000000726C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4208-161-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-162-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-163-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-164-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-165-0x0000000007270000-0x000000000776E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/4208-166-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-167-0x0000000007770000-0x00000000077B8000-memory.dmp

    Filesize

    288KB

    Download

  • memory/4208-168-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-169-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-170-0x00000000077C0000-0x0000000007DC6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4208-171-0x0000000004EB0000-0x0000000004EC2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4208-172-0x0000000007E20000-0x0000000007F2A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4208-173-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-174-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-175-0x0000000007F30000-0x0000000007F6E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4208-176-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-177-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-178-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-179-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-180-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-181-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-182-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-183-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-184-0x0000000007FC0000-0x000000000800B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4208-185-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-186-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-187-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-188-0x0000000008250000-0x00000000082E2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4208-189-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-190-0x00000000082F0000-0x0000000008356000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4208-191-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-192-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-193-0x0000000077C20000-0x0000000077DAE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4208-198-0x00000000089B0000-0x0000000008A26000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4208-199-0x0000000008A50000-0x0000000008A6E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4208-200-0x0000000002C50000-0x0000000002CFE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/4208-201-0x0000000008D70000-0x0000000008F32000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4208-202-0x0000000008F40000-0x000000000946C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4208-206-0x0000000002C50000-0x0000000002CFE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/4208-207-0x0000000000400000-0x0000000002C4E000-memory.dmp

    Filesize

    40.3MB

    Download