Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    52s
  • max time network
    64s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/02/2023, 01:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    47c8c0ff6025475a11d36d3c35fc0c197b0755bd541e0cdae828d78f7287e8f5.exe

  • Size

    338KB

  • MD5

    5da7e1c1045a5881f15731be72b006e3

  • SHA1

    feaf70b4e48f2d4ec092e4adc36515e4f0e44db8

  • SHA256

    47c8c0ff6025475a11d36d3c35fc0c197b0755bd541e0cdae828d78f7287e8f5

  • SHA512

    3eb22f8b537a91a9cf1cc9adff8fe09c3e52132855c32d2dcd6868c9aabc28bf4d49938b87db48e1d8b29cef5971a7e797695501533216dccf2c7c59446b9ba2

  • SSDEEP

    6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H

Score
10/10
redline24.01discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

24.01

C2

37.220.86.164:29170

Attributes
  • auth_value

    1c7f0aa21138601b5201a3a4a0123991

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47c8c0ff6025475a11d36d3c35fc0c197b0755bd541e0cdae828d78f7287e8f5.exe
    "C:\Users\Admin\AppData\Local\Temp\47c8c0ff6025475a11d36d3c35fc0c197b0755bd541e0cdae828d78f7287e8f5.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2740

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2740-116-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-117-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-118-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-119-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-120-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-121-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-122-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-123-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-124-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-125-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-126-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-127-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-128-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-129-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-130-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-131-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-132-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-133-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-134-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-135-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-136-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-137-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-138-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-139-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-140-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-141-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-142-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-143-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-144-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-145-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-146-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-147-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-148-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-149-0x0000000000B80000-0x0000000000BDA000-memory.dmp

          Filesize

          360KB

          Download

        • memory/2740-150-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-151-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-152-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-153-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-154-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-155-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-156-0x0000000002E70000-0x0000000002E76000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2740-157-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-158-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-159-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-160-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-161-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-162-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-163-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-164-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-165-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-166-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-167-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-168-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-169-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-170-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-171-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-172-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-173-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-174-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-175-0x000000000B100000-0x000000000B706000-memory.dmp

          Filesize

          6.0MB

          Download

        • memory/2740-176-0x000000000AC20000-0x000000000AD2A000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/2740-177-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-178-0x000000000AB50000-0x000000000AB62000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2740-179-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-180-0x000000000ABB0000-0x000000000ABEE000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2740-181-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-182-0x000000000AD30000-0x000000000AD7B000-memory.dmp

          Filesize

          300KB

          Download

        • memory/2740-183-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-184-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-185-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-186-0x000000000BC10000-0x000000000C10E000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/2740-187-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2740-188-0x000000000AFE0000-0x000000000B046000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2740-196-0x000000000BAB0000-0x000000000BB42000-memory.dmp

          Filesize

          584KB

          Download

        • memory/2740-198-0x000000000C110000-0x000000000C186000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2740-199-0x000000000BB50000-0x000000000BBA0000-memory.dmp

          Filesize

          320KB

          Download

        • memory/2740-200-0x000000000C4C0000-0x000000000C682000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2740-201-0x000000000CBC0000-0x000000000D0EC000-memory.dmp

          Filesize

          5.2MB

          Download