Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    127s
  • max time network
    132s
  • platform
    windows10-1703_x64
  • resource
    win10-20231020-en
  • resource tags

    arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22/10/2023, 12:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41352e9771b906b5913a9e6a9ecd3fe423bc3e91993a5373a67f7226a6eb6abf.exe

  • Size

    496KB

  • MD5

    e5f3d57228c890d9eac3e33e9a0dec31

  • SHA1

    941c05efc029a68413864ef9804242b72e6c3050

  • SHA256

    41352e9771b906b5913a9e6a9ecd3fe423bc3e91993a5373a67f7226a6eb6abf

  • SHA512

    fe8e68b5058cbecfbdda513f4a6ae88d94283bf66224c1253037c269a402909ad4a3701306ec142d6d39ac5db966e11478d101ac3d63bca82f1dc6736dfb560c

  • SSDEEP

    12288:b8M07UjazQB2o97Hr62k3n/+pLsv9+eXUeF6v1L:CUWzQkAr62k3n/+pAv+e2L

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41352e9771b906b5913a9e6a9ecd3fe423bc3e91993a5373a67f7226a6eb6abf.exe
    "C:\Users\Admin\AppData\Local\Temp\41352e9771b906b5913a9e6a9ecd3fe423bc3e91993a5373a67f7226a6eb6abf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3480

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3480-0-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/3480-1-0x0000000001F60000-0x0000000001FBA000-memory.dmp

    Filesize

    360KB

    Download

  • memory/3480-5-0x0000000073D30000-0x000000007441E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3480-6-0x0000000006FC0000-0x00000000074BE000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/3480-7-0x0000000007500000-0x0000000007592000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3480-8-0x0000000007770000-0x0000000007780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3480-9-0x00000000076D0000-0x00000000076DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3480-10-0x0000000007AB0000-0x00000000080B6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/3480-11-0x0000000007790000-0x00000000077A2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3480-12-0x00000000077C0000-0x00000000078CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3480-13-0x00000000078F0000-0x000000000792E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-14-0x0000000007950000-0x000000000799B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/3480-15-0x0000000008100000-0x0000000008166000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3480-16-0x00000000088C0000-0x0000000008936000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3480-17-0x0000000008970000-0x000000000898E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3480-18-0x0000000008B90000-0x0000000008D52000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3480-19-0x0000000008D60000-0x000000000928C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3480-22-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/3480-23-0x0000000073D30000-0x000000007441E000-memory.dmp

    Filesize

    6.9MB

    Download