Overview

overview

10

Static

static

7

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    06-12-2022 12:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06ece311c226daf62863e5791def4efee02dacfeacc6b7635095d0a63b715a99.exe

  • Size

    1.5MB

  • MD5

    d1964c1b30d01262eccaee06c600d726

  • SHA1

    e213ef1a963cc1825b9183742bb2af555da72efe

  • SHA256

    06ece311c226daf62863e5791def4efee02dacfeacc6b7635095d0a63b715a99

  • SHA512

    02d5f5d71ef785dbc9a2c7bf960d60a19a7eeba3ae8227442c21ba153fc2443e0d1e5ec8319e70a55defcb1057f43d4f41602ba2089a64615dc3aaa8569d47a5

  • SSDEEP

    49152:H2z+hNyiTobT9875vxVZTE90wa1GImyAZ:H2iobT981Ze0wwGIPAZ

Score
10/10
redlineytevasioninfostealerspywarethemidatrojan

Malware Config

Extracted

Family

redline

Botnet

YT

C2

65.21.5.58:48811

Attributes
  • auth_value

    fb878dde7f3b4ad1e1bc26d24db36d28

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06ece311c226daf62863e5791def4efee02dacfeacc6b7635095d0a63b715a99.exe
    "C:\Users\Admin\AppData\Local\Temp\06ece311c226daf62863e5791def4efee02dacfeacc6b7635095d0a63b715a99.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1500

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1500-157-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-148-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-124-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-125-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-122-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize

    232KB

    Download
  • memory/1500-127-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-128-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-204-0x0000000008090000-0x00000000085BC000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/1500-203-0x0000000007180000-0x0000000007342000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/1500-198-0x00000000066C0000-0x0000000006752000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1500-195-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-194-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-159-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-130-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-192-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-132-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-133-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-134-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-135-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-136-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-137-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-138-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-139-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-140-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-141-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-142-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-143-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-144-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-145-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-146-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-147-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-158-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-149-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-150-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-151-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-152-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-153-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-154-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-155-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-156-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-126-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-123-0x000000000041B576-mapping.dmp
    Download
  • memory/1500-193-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-160-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-161-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-162-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-163-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-164-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-165-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-166-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-167-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-168-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-169-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-170-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-171-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-172-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-173-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-174-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-175-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-176-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-177-0x0000000005CD0000-0x00000000062D6000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/1500-178-0x0000000005830000-0x000000000593A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1500-179-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-180-0x0000000005780000-0x0000000005792000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1500-181-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-182-0x00000000057A0000-0x00000000057DE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1500-183-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-184-0x00000000057E0000-0x000000000582B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/1500-185-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-186-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-187-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-188-0x00000000067E0000-0x0000000006CDE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/1500-189-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1500-190-0x0000000005AF0000-0x0000000005B56000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1500-191-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4976-131-0x00007FFEBFC30000-0x00007FFEBFE0B000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/4976-129-0x00000000002D0000-0x00000000007D0000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/4976-121-0x00007FFEBFC30000-0x00007FFEBFE0B000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/4976-120-0x0000022D8A5F0000-0x0000022D8A668000-memory.dmp
    Filesize

    480KB

    Download
  • memory/4976-119-0x00007FFEBFC30000-0x00007FFEBFE0B000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/4976-118-0x00000000002D0000-0x00000000007D0000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/4976-117-0x00000000002D0000-0x00000000007D0000-memory.dmp
    Filesize

    5.0MB

    Download