Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    49s
  • max time network
    58s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    06-11-2022 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    724e1218c44e48c1303ce8149cb6db677e35994f49e13fd85f6a0de3605835f6.exe

  • Size

    405KB

  • MD5

    a5ab58a029efc4e1d6de0a9731596be0

  • SHA1

    df6d8def22092d1d397936f72937e89541766cd0

  • SHA256

    724e1218c44e48c1303ce8149cb6db677e35994f49e13fd85f6a0de3605835f6

  • SHA512

    6d7dbfcbfd1ebbbca8af4abb96423a819edea257bdd8732c15b23bf3e3b7a66f49e94a0eb4d045c5a07700a6004960162d52636022db72a5f7bda296fe24bbea

  • SSDEEP

    6144:FYiYatwkxfvtFSt9ROMXSfvw/vBetB7CqtjksMSOA34lv:2irVdzSt9RORfvw/vQtBBnM9

Score
10/10
redlinesukdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

suk

C2

193.106.191.25:47242

Attributes
  • auth_value

    9762d5bcad64c7855837e80c232c7e77

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\724e1218c44e48c1303ce8149cb6db677e35994f49e13fd85f6a0de3605835f6.exe
    "C:\Users\Admin\AppData\Local\Temp\724e1218c44e48c1303ce8149cb6db677e35994f49e13fd85f6a0de3605835f6.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2124

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2124-120-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-121-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-122-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-123-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-124-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-125-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-126-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-127-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-128-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-129-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-130-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-132-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-131-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-133-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-134-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-135-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-136-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-137-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-138-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-139-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-140-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-141-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-142-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-143-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-144-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-145-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-146-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-147-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-148-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-149-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-150-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-152-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-153-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-154-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-155-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-156-0x0000000000970000-0x0000000000ABA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2124-157-0x0000000002510000-0x000000000257E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2124-158-0x0000000000400000-0x0000000000869000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2124-159-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-160-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-161-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-162-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-163-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-164-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-165-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-166-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-167-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-168-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-169-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-170-0x0000000002930000-0x000000000297A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2124-171-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-172-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-173-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-174-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-175-0x0000000005080000-0x000000000557E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/2124-176-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-177-0x0000000002AD0000-0x0000000002B1A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2124-178-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-179-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-180-0x0000000005580000-0x0000000005B86000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2124-181-0x0000000004F00000-0x0000000004F12000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2124-182-0x0000000004F30000-0x000000000503A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2124-183-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-184-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-185-0x0000000005B90000-0x0000000005BCE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2124-186-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-187-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-188-0x0000000005BF0000-0x0000000005C3B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2124-189-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-190-0x0000000000970000-0x0000000000ABA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2124-191-0x0000000000400000-0x0000000000869000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2124-192-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-193-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-194-0x0000000005E80000-0x0000000005F12000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2124-195-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-196-0x0000000005F20000-0x0000000005F86000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2124-197-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-198-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-199-0x0000000077710000-0x000000007789E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2124-204-0x00000000066F0000-0x0000000006766000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2124-205-0x0000000006780000-0x000000000679E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2124-206-0x0000000006860000-0x0000000006A22000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2124-207-0x0000000006A30000-0x0000000006F5C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2124-211-0x0000000000400000-0x0000000000869000-memory.dmp

    Filesize

    4.4MB

    Download