Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16-07-2023 14:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    777203924bfaa0cfdba942ae48b138ea54f92afe43a1f61051952a4cb04bff2f.exe

  • Size

    493KB

  • MD5

    5f5465df1faecf1c7540b4eb03943b4d

  • SHA1

    5d1ed118d4dff415ece21990a8c46b2c280f3669

  • SHA256

    777203924bfaa0cfdba942ae48b138ea54f92afe43a1f61051952a4cb04bff2f

  • SHA512

    b6ddfec63b6d2381a69d9aaa5f87288abba105a1ee4816330ef21fe05dcb321b494adbec0873b1d78b40b159d7fb796281d11d61f2411c55c30513f6be2cacb8

  • SSDEEP

    6144:xuEzOmFaxdLaHMXTvR9qrVmTgccSUin6w3Asc75/HuK4nY8XtvqqZ5FxDqHJ:xuEzDsXTLUE9cSUeN2uK4Li8PxDq

Score
10/10
redlinekirainfostealer

Malware Config

Extracted

Family

redline

Botnet

kira

C2

77.91.68.48:19071

Attributes
  • auth_value

    1677a40fd8997eb89377e1681911e9c6

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

Processes

  • C:\Users\Admin\AppData\Local\Temp\777203924bfaa0cfdba942ae48b138ea54f92afe43a1f61051952a4cb04bff2f.exe
    "C:\Users\Admin\AppData\Local\Temp\777203924bfaa0cfdba942ae48b138ea54f92afe43a1f61051952a4cb04bff2f.exe"
    1⤵
      PID:4392

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4392-118-0x0000000000400000-0x000000000047F000-memory.dmp

      Filesize

      508KB

      Download

    • memory/4392-117-0x0000000000720000-0x00000000007AC000-memory.dmp

      Filesize

      560KB

      Download

    • memory/4392-124-0x0000000073A00000-0x00000000740EE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/4392-125-0x0000000000720000-0x00000000007AC000-memory.dmp

      Filesize

      560KB

      Download

    • memory/4392-126-0x00000000024E0000-0x00000000024E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4392-127-0x0000000004540000-0x0000000004546000-memory.dmp

      Filesize

      24KB

      Download

    • memory/4392-128-0x0000000009F40000-0x000000000A546000-memory.dmp

      Filesize

      6.0MB

      Download

    • memory/4392-129-0x000000000A660000-0x000000000A76A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4392-131-0x0000000006CC0000-0x0000000006CD0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4392-130-0x0000000006A50000-0x0000000006A62000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4392-132-0x0000000006A70000-0x0000000006AAE000-memory.dmp

      Filesize

      248KB

      Download

    • memory/4392-133-0x0000000006C20000-0x0000000006C6B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/4392-134-0x0000000000400000-0x000000000047F000-memory.dmp

      Filesize

      508KB

      Download

    • memory/4392-135-0x0000000073A00000-0x00000000740EE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/4392-136-0x0000000006CC0000-0x0000000006CD0000-memory.dmp

      Filesize

      64KB

      Download