Overview
overview
10Static
static
URLScan
urlscan
https://nawa-store.c...
windows7_x64
6https://nawa-store.c...
windows7_x64
1https://nawa-store.c...
windows7_x64
6https://nawa-store.c...
windows11_x64
8https://nawa-store.c...
windows10_x64
10https://nawa-store.c...
windows10_x64
10https://nawa-store.c...
windows10_x64
10General
Static task
static1
URLScan task
urlscan1
Sample
https://nawa-store.com/shopinside
Behavioral task
behavioral1
Sample
https://nawa-store.com/shopinside
Resource
win7-ja-20211104
Behavioral task
behavioral2
Sample
https://nawa-store.com/shopinside
Resource
win7-en-20211014
Behavioral task
behavioral3
Sample
https://nawa-store.com/shopinside
Resource
win7-de-20211104
Behavioral task
behavioral4
Sample
https://nawa-store.com/shopinside
Resource
win11
Behavioral task
behavioral5
Sample
https://nawa-store.com/shopinside
Resource
win10-ja-20211014
Behavioral task
behavioral6
Sample
https://nawa-store.com/shopinside
Resource
win10-en-20211104
Behavioral task
behavioral7
Sample
https://nawa-store.com/shopinside
Resource
win10-de-20211014
Malware Config
Extracted
dridex
10111
186.250.48.117:443
92.240.254.110:6602
81.223.127.86:10172
86.49.161.18:9043
Targets
-
-
Target
https://nawa-store.com/shopinside
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Registers COM server for autorun
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Sets service image path in registry
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Program crash
-
Suspicious use of SetThreadContext
-