Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    97s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-03-2023 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e49700355f96b5ae56fe79a2c07a20742d803fc4300b1cf5018148682c7645f7.exe

  • Size

    347KB

  • MD5

    a30a8cbf28456259c3a24c91ab2065b5

  • SHA1

    1d1c6673237263cab47793429f39fa055891a6a4

  • SHA256

    e49700355f96b5ae56fe79a2c07a20742d803fc4300b1cf5018148682c7645f7

  • SHA512

    c782561c08425f1e43c1ec9989a23bfdf94756731f7ff2ac4d0d2f28a7eadacab8216a091020105d198076de111ddb55c69442a2095b0b48ddd7fbe97aff1cf5

  • SSDEEP

    6144:Aig82BLObd6WJH/lS86MX9mspDv6W8soQyrkAufh0mYmTyvg:AB82Bad6WJHsUcsoCfhE

Score
10/10
redlinedozkdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes
  • auth_value

    9f1dc4ff242fb8b53742acae0ef96143

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 34 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e49700355f96b5ae56fe79a2c07a20742d803fc4300b1cf5018148682c7645f7.exe
    "C:\Users\Admin\AppData\Local\Temp\e49700355f96b5ae56fe79a2c07a20742d803fc4300b1cf5018148682c7645f7.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1552

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1552-134-0x0000000002450000-0x00000000024B2000-memory.dmp
    Filesize

    392KB

    Download
  • memory/1552-135-0x0000000004FD0000-0x0000000005574000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/1552-136-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-137-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-139-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-141-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-145-0x0000000004FC0000-0x0000000004FD0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1552-143-0x0000000004FC0000-0x0000000004FD0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1552-146-0x0000000004FC0000-0x0000000004FD0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1552-148-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-144-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-150-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-152-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-154-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-156-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-158-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-160-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-162-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-164-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-166-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-168-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-170-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-172-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-174-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-176-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-178-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-180-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-182-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-184-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-186-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-188-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-190-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-192-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-194-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-196-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-198-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-200-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-202-0x0000000004E80000-0x0000000004ED2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1552-929-0x0000000005580000-0x0000000005B98000-memory.dmp
    Filesize

    6.1MB

    Download
  • memory/1552-930-0x0000000004F60000-0x0000000004F72000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1552-931-0x0000000005BA0000-0x0000000005CAA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1552-932-0x0000000004F80000-0x0000000004FBC000-memory.dmp
    Filesize

    240KB

    Download
  • memory/1552-933-0x0000000004FC0000-0x0000000004FD0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1552-934-0x0000000005F80000-0x0000000005FE6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1552-935-0x0000000006650000-0x00000000066E2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1552-936-0x0000000006960000-0x00000000069D6000-memory.dmp
    Filesize

    472KB

    Download
  • memory/1552-937-0x0000000006A50000-0x0000000006C12000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/1552-938-0x0000000006C20000-0x000000000714C000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/1552-939-0x0000000007240000-0x000000000725E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/1552-941-0x0000000002450000-0x00000000024B2000-memory.dmp
    Filesize

    392KB

    Download
  • memory/1552-942-0x0000000004FC0000-0x0000000004FD0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1552-943-0x0000000004FC0000-0x0000000004FD0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1552-944-0x0000000004FC0000-0x0000000004FD0000-memory.dmp
    Filesize

    64KB

    Download