Overview

overview

10

Static

static

10

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    69s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-02-2023 00:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f5e48fc6ee585c3d5fb9144629f26caafc56a0ceffb6310ff3b9ccb62d277ae.exe

  • Size

    338KB

  • MD5

    5ef4d9393c04c54ecac5e67d28a5a9b2

  • SHA1

    7fda792146ba9df87d63b6e0296871ab2ef3abf1

  • SHA256

    4f5e48fc6ee585c3d5fb9144629f26caafc56a0ceffb6310ff3b9ccb62d277ae

  • SHA512

    809e78c98819fd31fcfa232ceb706377eeae95f2b0319cf26b3ed9c486ddc643fe4820276571897932cbb195d8aa12e0a99f024e74284a27bf9eabefb461ccbd

  • SSDEEP

    6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H

Score
10/10
redline24.01discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

24.01

C2

37.220.86.164:29170

Attributes
  • auth_value

    1c7f0aa21138601b5201a3a4a0123991

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f5e48fc6ee585c3d5fb9144629f26caafc56a0ceffb6310ff3b9ccb62d277ae.exe
    "C:\Users\Admin\AppData\Local\Temp\4f5e48fc6ee585c3d5fb9144629f26caafc56a0ceffb6310ff3b9ccb62d277ae.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4540

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4540-132-0x00000000003B0000-0x000000000040A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/4540-133-0x000000000AA60000-0x000000000B078000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/4540-134-0x000000000A5C0000-0x000000000A6CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4540-135-0x000000000A4F0000-0x000000000A502000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4540-136-0x000000000A550000-0x000000000A58C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4540-137-0x000000000A890000-0x000000000A922000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4540-138-0x000000000B630000-0x000000000BBD4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4540-139-0x000000000A930000-0x000000000A996000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4540-140-0x000000000BC60000-0x000000000BCD6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4540-141-0x000000000BBE0000-0x000000000BC30000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4540-142-0x000000000D170000-0x000000000D332000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4540-143-0x000000000D870000-0x000000000DD9C000-memory.dmp

    Filesize

    5.2MB

    Download