Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    53s
  • max time network
    68s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    31-03-2023 20:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d9d24082c5da1b288c1403da90f6bca9356b941c3f693c9d6620601d08b8a44.exe

  • Size

    355KB

  • MD5

    d212fa2770e98c61b3594f54d9342d5d

  • SHA1

    c9525afc519cc0a6530fd62648cbbf1c257223ec

  • SHA256

    0d9d24082c5da1b288c1403da90f6bca9356b941c3f693c9d6620601d08b8a44

  • SHA512

    1b4872724e676b5100d6eb50c86db7bdf2411263f63a7bd2256c82ffe98dbf1d426d2556c2d33465e02122576f3c62876b440db380c626f216c09b0b31175230

  • SSDEEP

    6144:XU6GvkN0fQnUdhofHB71AyhaJ3ARYOsG0f8aMfkpt:k6GvkKfQnChofHd1AOaU9sGvk

Score
10/10
redline@germanydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

185.11.61.125:22344

Attributes
  • auth_value

    9d15d78194367a949e54a07d6ce02c62

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d9d24082c5da1b288c1403da90f6bca9356b941c3f693c9d6620601d08b8a44.exe
    "C:\Users\Admin\AppData\Local\Temp\0d9d24082c5da1b288c1403da90f6bca9356b941c3f693c9d6620601d08b8a44.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2236

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2236-122-0x0000000003AD0000-0x0000000003B2A000-memory.dmp
    Filesize

    360KB

    Download
  • memory/2236-123-0x0000000006370000-0x000000000686E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2236-124-0x0000000003CA0000-0x0000000003CF8000-memory.dmp
    Filesize

    352KB

    Download
  • memory/2236-125-0x0000000003780000-0x00000000037E2000-memory.dmp
    Filesize

    392KB

    Download
  • memory/2236-126-0x0000000006360000-0x0000000006370000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2236-127-0x0000000006360000-0x0000000006370000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2236-128-0x0000000006360000-0x0000000006370000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2236-129-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-130-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-132-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-134-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-136-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-140-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-138-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-142-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-144-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-146-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-148-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-150-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-152-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-154-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-156-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-158-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-160-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-162-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-164-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-166-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-168-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-172-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-170-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-174-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-176-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-178-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-180-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-182-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-184-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-186-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-188-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-190-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-192-0x0000000003CA0000-0x0000000003CF2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2236-919-0x0000000006870000-0x0000000006E76000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/2236-920-0x00000000061A0000-0x00000000061B2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2236-921-0x00000000061D0000-0x00000000062DA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2236-922-0x00000000062E0000-0x000000000631E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2236-923-0x0000000006360000-0x0000000006370000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2236-924-0x0000000006E90000-0x0000000006EDB000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2236-925-0x0000000007120000-0x0000000007186000-memory.dmp
    Filesize

    408KB

    Download
  • memory/2236-926-0x00000000077B0000-0x0000000007842000-memory.dmp
    Filesize

    584KB

    Download
  • memory/2236-927-0x0000000007AD0000-0x0000000007B46000-memory.dmp
    Filesize

    472KB

    Download
  • memory/2236-928-0x0000000007C10000-0x0000000007DD2000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/2236-930-0x0000000007DE0000-0x000000000830C000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/2236-931-0x00000000083B0000-0x00000000083CE000-memory.dmp
    Filesize

    120KB

    Download