Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2023, 05:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a566bc611263950bcbcbb27f289d6182fee8ab57a596042140b246c78e734b07.exe

  • Size

    546KB

  • MD5

    67fd70b48200bbeb4bb4ce02f2323a71

  • SHA1

    d05f2d8b4340af68e63ebf71e7bf11b5f1d56359

  • SHA256

    a566bc611263950bcbcbb27f289d6182fee8ab57a596042140b246c78e734b07

  • SHA512

    5a3ae7f0faaf50b20e0632e6173db38243685170b9be67ec53ca4b0045998e161a9438a740be5d0718963cadd4a76301e78d2011b070a15580a10166739d45d9

  • SSDEEP

    12288:CMrUy90PxSQ0VwM51cTiXsYeEJida3IwaqAE2BCJCPGeml7:KyqxSxVv51cTich83IwaqAjB6l7

Score
10/10
redlinedezikmangodiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Extracted

Family

redline

Botnet

dezik

C2

193.56.146.220:4174

Attributes
  • auth_value

    d39f21dca8edc10800b036ab83f4d75e

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 33 IoCs
  • Executes dropped EXE 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a566bc611263950bcbcbb27f289d6182fee8ab57a596042140b246c78e734b07.exe
    "C:\Users\Admin\AppData\Local\Temp\a566bc611263950bcbcbb27f289d6182fee8ab57a596042140b246c78e734b07.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nice4365.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nice4365.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4368
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\b5880ea.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\b5880ea.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1836
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\c45Sx13.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\c45Sx13.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:220
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 220 -s 1340
          4⤵
          • Program crash
          PID:4040
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dgRMt66.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dgRMt66.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3988
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 220 -ip 220
    1⤵
      PID:4636

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dgRMt66.exe
            Filesize

            175KB

            MD5

            92f2a148b8f701e50e2f838f73d4d7b7

            SHA1

            324d8546e35d4f4285cac15b21620299ba5cb023

            SHA256

            9ad66388140ef3b4a7c2918eb3c9083dd80396949f385dd6d17c28f97cf14f04

            SHA512

            3300c7606f872e75deaff924ee77fcd975e515a0dbca907ddd16b25910f250c6b8c46c6cabda3ac4780a8dce5fb9a70bd0c4c184f649cd5375fb6278b2a0ea6c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dgRMt66.exe
            Filesize

            175KB

            MD5

            92f2a148b8f701e50e2f838f73d4d7b7

            SHA1

            324d8546e35d4f4285cac15b21620299ba5cb023

            SHA256

            9ad66388140ef3b4a7c2918eb3c9083dd80396949f385dd6d17c28f97cf14f04

            SHA512

            3300c7606f872e75deaff924ee77fcd975e515a0dbca907ddd16b25910f250c6b8c46c6cabda3ac4780a8dce5fb9a70bd0c4c184f649cd5375fb6278b2a0ea6c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nice4365.exe
            Filesize

            402KB

            MD5

            0abe60c17ac28ed46d8679ed41da23df

            SHA1

            d0c83ec1778b70f8c7921a56287d6db1c6676a89

            SHA256

            a045c86a15b7a024a71632c50b05215b8c01b0f17ea7795e0d3c1beac11e7842

            SHA512

            5ed53224b8237120a0a4c7632168b943b1d6abf636bacd79efdabbfd783c34fa32263666186aaf6dc7889181c7dbb32931582997e6f38fe9cc325a1117a19af6

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nice4365.exe
            Filesize

            402KB

            MD5

            0abe60c17ac28ed46d8679ed41da23df

            SHA1

            d0c83ec1778b70f8c7921a56287d6db1c6676a89

            SHA256

            a045c86a15b7a024a71632c50b05215b8c01b0f17ea7795e0d3c1beac11e7842

            SHA512

            5ed53224b8237120a0a4c7632168b943b1d6abf636bacd79efdabbfd783c34fa32263666186aaf6dc7889181c7dbb32931582997e6f38fe9cc325a1117a19af6

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\b5880ea.exe
            Filesize

            11KB

            MD5

            7e93bacbbc33e6652e147e7fe07572a0

            SHA1

            421a7167da01c8da4dc4d5234ca3dd84e319e762

            SHA256

            850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

            SHA512

            250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\b5880ea.exe
            Filesize

            11KB

            MD5

            7e93bacbbc33e6652e147e7fe07572a0

            SHA1

            421a7167da01c8da4dc4d5234ca3dd84e319e762

            SHA256

            850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

            SHA512

            250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\c45Sx13.exe
            Filesize

            367KB

            MD5

            b027ebb3e70d7bc51c75bbdfd85ea392

            SHA1

            89bea40a9f34e998af07884e9a3da1df21037b2a

            SHA256

            0c7a52e23934ed22905ccf78982f546ab0a36f92cdc64bf1cfddc7b4cb02d0e3

            SHA512

            4d51137bd5c210f57198dd9f08858415ec2b5f4cd4324651bbc4b0127fbcfb1486b4f5f2add49602afeb340675ba3f37344ccf3d728039dabf3411bd547f0a4c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\c45Sx13.exe
            Filesize

            367KB

            MD5

            b027ebb3e70d7bc51c75bbdfd85ea392

            SHA1

            89bea40a9f34e998af07884e9a3da1df21037b2a

            SHA256

            0c7a52e23934ed22905ccf78982f546ab0a36f92cdc64bf1cfddc7b4cb02d0e3

            SHA512

            4d51137bd5c210f57198dd9f08858415ec2b5f4cd4324651bbc4b0127fbcfb1486b4f5f2add49602afeb340675ba3f37344ccf3d728039dabf3411bd547f0a4c

            Download Submit

          • memory/220-195-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-201-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-156-0x0000000004D70000-0x0000000004D80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/220-155-0x0000000004D70000-0x0000000004D80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/220-157-0x0000000004D70000-0x0000000004D80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/220-158-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-159-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-161-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-163-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-165-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-167-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-169-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-171-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-173-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-175-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-177-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-179-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-181-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-183-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-185-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-187-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-189-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-191-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-193-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-153-0x0000000004D80000-0x0000000005324000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/220-197-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-199-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-154-0x00000000005B0000-0x00000000005FB000-memory.dmp

            Filesize

            300KB

            Download

          • memory/220-203-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-205-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-207-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-209-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-211-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-213-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-215-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-217-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-219-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-221-0x0000000002440000-0x000000000247E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/220-1064-0x0000000005330000-0x0000000005948000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/220-1065-0x0000000005950000-0x0000000005A5A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/220-1066-0x0000000002670000-0x0000000002682000-memory.dmp

            Filesize

            72KB

            Download

          • memory/220-1067-0x00000000027D0000-0x000000000280C000-memory.dmp

            Filesize

            240KB

            Download

          • memory/220-1068-0x0000000004D70000-0x0000000004D80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/220-1070-0x0000000005BD0000-0x0000000005C62000-memory.dmp

            Filesize

            584KB

            Download

          • memory/220-1071-0x0000000005C70000-0x0000000005CD6000-memory.dmp

            Filesize

            408KB

            Download

          • memory/220-1072-0x0000000004D70000-0x0000000004D80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/220-1073-0x0000000004D70000-0x0000000004D80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/220-1074-0x0000000004D70000-0x0000000004D80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/220-1075-0x0000000006490000-0x0000000006652000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/220-1076-0x0000000006670000-0x0000000006B9C000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/220-1077-0x0000000006CE0000-0x0000000006D56000-memory.dmp

            Filesize

            472KB

            Download

          • memory/220-1078-0x0000000006D70000-0x0000000006DC0000-memory.dmp

            Filesize

            320KB

            Download

          • memory/220-1079-0x0000000004D70000-0x0000000004D80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1836-147-0x0000000000E40000-0x0000000000E4A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/3988-1085-0x0000000000E40000-0x0000000000E72000-memory.dmp

            Filesize

            200KB

            Download

          • memory/3988-1086-0x0000000005740000-0x0000000005750000-memory.dmp

            Filesize

            64KB

            Download