Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    127s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20231020-en
  • resource tags

    arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24/10/2023, 04:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    acde06290e2fe885833a64a603eb08efe77fd83f2c9f086211b40a10287e18a0.exe

  • Size

    483KB

  • MD5

    8cf1180a61174f8e905920f6d9504644

  • SHA1

    dcdc417d1ab0206e330bd6b5205f111152a438d1

  • SHA256

    acde06290e2fe885833a64a603eb08efe77fd83f2c9f086211b40a10287e18a0

  • SHA512

    160a56a96cb7e0034421940f70c0ebbc9b71daf6962df4a92be6258a2afb34fbcfba85a4500642cd0a89b5d2eda997955895f60d479bcfc3a24a2bfb7812f9f8

  • SSDEEP

    6144:gIHaFABWgal7Ute3LiyCX6YSoN3Z5gTLE3en1+MPbF0r+JKqWNh:fahFoe3LYXic4LECzumOL

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\acde06290e2fe885833a64a603eb08efe77fd83f2c9f086211b40a10287e18a0.exe
    "C:\Users\Admin\AppData\Local\Temp\acde06290e2fe885833a64a603eb08efe77fd83f2c9f086211b40a10287e18a0.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2368

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2368-1-0x0000000000400000-0x000000000047A000-memory.dmp

          Filesize

          488KB

          Download

        • memory/2368-2-0x0000000000590000-0x00000000005EA000-memory.dmp

          Filesize

          360KB

          Download

        • memory/2368-6-0x0000000073100000-0x00000000737EE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2368-7-0x0000000006FA0000-0x000000000749E000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/2368-8-0x00000000074E0000-0x0000000007572000-memory.dmp

          Filesize

          584KB

          Download

        • memory/2368-9-0x0000000007760000-0x0000000007770000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2368-10-0x00000000076D0000-0x00000000076DA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2368-11-0x0000000007AB0000-0x00000000080B6000-memory.dmp

          Filesize

          6.0MB

          Download

        • memory/2368-12-0x0000000007790000-0x00000000077A2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2368-13-0x00000000077C0000-0x00000000078CA000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/2368-14-0x00000000078F0000-0x000000000792E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2368-15-0x0000000007950000-0x000000000799B000-memory.dmp

          Filesize

          300KB

          Download

        • memory/2368-16-0x0000000008100000-0x0000000008166000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2368-17-0x0000000008A00000-0x0000000008A76000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2368-18-0x0000000008AD0000-0x0000000008C92000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2368-19-0x0000000008CC0000-0x00000000091EC000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2368-20-0x0000000009300000-0x000000000931E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/2368-23-0x0000000000400000-0x000000000047A000-memory.dmp

          Filesize

          488KB

          Download

        • memory/2368-24-0x0000000073100000-0x00000000737EE000-memory.dmp

          Filesize

          6.9MB

          Download