Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    73s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    06/11/2022, 18:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d6805bab978e733efa5b74f38f71121787db6a7344f4b961490466cf790f7e0.exe

  • Size

    405KB

  • MD5

    3b212d7a01b0eae10ccf05d3d68adc47

  • SHA1

    8f16352f4cd8bcab053e8122f44e856714d0f6b3

  • SHA256

    0d6805bab978e733efa5b74f38f71121787db6a7344f4b961490466cf790f7e0

  • SHA512

    8442c2fd51d8e833167da954b27550206a48883c7ea336703fe1c3a316ec6d60bd4de4d3f85d015f0d1e32bf730a345546f6702eec5f2315eada7d5e5cf795a4

  • SSDEEP

    6144:aIGnW/MwKAcL8HyPkxjVsdXCBbKyjO5pmyCUth3:YnWVKO6dyBfV+

Score
10/10
redlinesukdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

suk

C2

193.106.191.25:47242

Attributes
  • auth_value

    9762d5bcad64c7855837e80c232c7e77

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d6805bab978e733efa5b74f38f71121787db6a7344f4b961490466cf790f7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\0d6805bab978e733efa5b74f38f71121787db6a7344f4b961490466cf790f7e0.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2672

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2672-118-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-119-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-120-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-121-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-122-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-123-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-124-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-125-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-126-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-127-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-128-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-129-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-130-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-131-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-132-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-133-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-134-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-135-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-136-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-137-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-139-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-138-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-140-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-141-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-142-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-143-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-144-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-145-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-146-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-147-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-148-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-150-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-151-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-152-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-153-0x00000000008C0000-0x000000000096E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/2672-154-0x00000000024E0000-0x000000000254E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2672-155-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-156-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-157-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-158-0x0000000000400000-0x0000000000869000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2672-159-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-161-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-160-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-162-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-163-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-164-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-165-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-166-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-167-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-168-0x0000000002610000-0x000000000265A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2672-169-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-170-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-171-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-172-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-173-0x0000000005090000-0x000000000558E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/2672-175-0x00000000029C0000-0x0000000002A0A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2672-174-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-176-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-177-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-178-0x0000000005590000-0x0000000005B96000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2672-179-0x0000000004F00000-0x0000000004F12000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2672-180-0x0000000004F30000-0x000000000503A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2672-181-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-182-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-183-0x0000000005040000-0x000000000507E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2672-184-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-185-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-186-0x0000000005BF0000-0x0000000005C3B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2672-187-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-188-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-189-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-190-0x00000000008C0000-0x000000000096E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/2672-191-0x00000000024E0000-0x000000000254E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2672-192-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-193-0x00000000061F0000-0x0000000006282000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2672-194-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-195-0x0000000006290000-0x00000000062F6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2672-196-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-197-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-203-0x00000000067F0000-0x0000000006866000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2672-204-0x0000000006890000-0x00000000068AE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2672-205-0x0000000006940000-0x0000000006B02000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2672-206-0x0000000006B20000-0x000000000704C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2672-210-0x0000000000400000-0x0000000000869000-memory.dmp

    Filesize

    4.4MB

    Download