Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    50s
  • max time network
    74s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24-03-2023 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b237dd9b41820712f06e875814646cf41906eb61638aae1e41ed3d337ea1ed7.exe

  • Size

    383KB

  • MD5

    c35c43351c96feaa426f4d57d0413ab6

  • SHA1

    63a4a1295e7cc7638524840cf72df0112e6282dd

  • SHA256

    1b237dd9b41820712f06e875814646cf41906eb61638aae1e41ed3d337ea1ed7

  • SHA512

    107125b42ee774cb400e96b2a51efe0083c86714bc3352b691e5a3dcd2c794ee8e76890fd472000a798090d1ec4b92355dd0db12a5f3e6cbc788521c0690f54f

  • SSDEEP

    6144:Yv7KPnoLhv4WsEL0vE4T/9okG1OqdEwYlva:m7KPn0hAlEYvE49WEbM

Score
10/10
redlinedozkdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes
  • auth_value

    9f1dc4ff242fb8b53742acae0ef96143

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b237dd9b41820712f06e875814646cf41906eb61638aae1e41ed3d337ea1ed7.exe
    "C:\Users\Admin\AppData\Local\Temp\1b237dd9b41820712f06e875814646cf41906eb61638aae1e41ed3d337ea1ed7.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3944

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3944-121-0x0000000004C80000-0x0000000004CDA000-memory.dmp
    Filesize

    360KB

    Download
  • memory/3944-122-0x0000000007560000-0x0000000007A5E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3944-123-0x0000000004D70000-0x0000000004DC8000-memory.dmp
    Filesize

    352KB

    Download
  • memory/3944-124-0x00000000048C0000-0x0000000004922000-memory.dmp
    Filesize

    392KB

    Download
  • memory/3944-125-0x0000000007550000-0x0000000007560000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3944-127-0x0000000007550000-0x0000000007560000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3944-126-0x0000000007550000-0x0000000007560000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3944-128-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-129-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-131-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-133-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-135-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-137-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-139-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-141-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-143-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-145-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-147-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-149-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-151-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-153-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-155-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-157-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-159-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-161-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-163-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-165-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-167-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-169-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-171-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-173-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-175-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-177-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-179-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-181-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-183-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-185-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-187-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-189-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-191-0x0000000004D70000-0x0000000004DC2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3944-918-0x0000000007A60000-0x0000000008066000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/3944-919-0x0000000004E30000-0x0000000004E42000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3944-920-0x00000000073B0000-0x00000000074BA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3944-921-0x00000000074C0000-0x00000000074FE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/3944-922-0x0000000008070000-0x00000000080BB000-memory.dmp
    Filesize

    300KB

    Download
  • memory/3944-923-0x0000000007550000-0x0000000007560000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3944-924-0x0000000008300000-0x0000000008366000-memory.dmp
    Filesize

    408KB

    Download
  • memory/3944-925-0x00000000089A0000-0x0000000008A32000-memory.dmp
    Filesize

    584KB

    Download
  • memory/3944-926-0x0000000008B80000-0x0000000008BF6000-memory.dmp
    Filesize

    472KB

    Download
  • memory/3944-927-0x0000000008CD0000-0x0000000008E92000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3944-928-0x0000000008EA0000-0x00000000093CC000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/3944-929-0x0000000009470000-0x000000000948E000-memory.dmp
    Filesize

    120KB

    Download