General

  • Target

    3e7038e7051f91070da933aba39a0d70b6d4ec0805f4fd4adb2222f46aab39c3

  • Size

    146KB

  • Sample

    221001-mhdnwsfha5

  • MD5

    f882f6c0b8bd0ed1fda637d8f314d255

  • SHA1

    981f1105ccbbc303c400a006b851122dbca74241

  • SHA256

    3e7038e7051f91070da933aba39a0d70b6d4ec0805f4fd4adb2222f46aab39c3

  • SHA512

    fbe43b35efa4fed01bcce9ce4475fcff22bebf1ac49a18d9d6b3581c95ce8ea16ee78c4d6b634b04a74fdf88a32726a393854ba467014064a7d35b7f2eb2d99c

  • SSDEEP

    3072:mdtX6r5bx/RnCa58nh0JlSI7FqdrCREk1:YqrJTCqfSiFqdrCOk1

Malware Config

Extracted

Family

redline

Botnet

inslab26

C2

185.182.194.25:8251

Attributes
  • auth_value

    7c9cbd0e489a3c7fd31006406cb96f5b

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

sadcgvc.duckdns.org:6606

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • aes.plain
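The two extracted configs give the network indicators a defender actually hunts on: the RedLine C2 at 185.182.194.25:8251 and the AsyncRAT C2 at sadcgvc.duckdns.org:6606. The script below is an added example (not part of this report and not code from either malware family) that turns those values into a small matcher over proxy and DNS log lines. The log format, the CONNECT/query line shapes and the confidence levels are assumptions; the sample lines are constructed for the demo.

```python
"""Match the C2 indicators from the extracted RedLine / AsyncRAT configs
against proxy and DNS log lines.

Added example, not part of the original report. Indicator values come from
the report; the log formats below are assumptions and the lines are
constructed, not captured traffic.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators copied from the "Malware Config" section.
C2_ENDPOINTS = {
    ("185.182.194.25", 8251): "redline/inslab26",
    ("sadcgvc.duckdns.org", 6606): "asyncrat/Default",
}
C2_HOSTS = {host for host, _ in C2_ENDPOINTS}
# The AsyncRAT C2 sits behind a dynamic-DNS provider, so a lookup of any
# name under it is worth a low-confidence flag (assumption: the provider
# is otherwise unused in this environment).
DYNDNS_SUFFIXES = (".duckdns.org",)


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str
    family: str
    confidence: str


# Assumed log shapes: "CONNECT host:port" for proxy, "query A name" for DNS.
_CONNECT = re.compile(r"\bCONNECT\s+(?P<host>[\w.\-]+):(?P<port>\d{1,5})\b")
_DNS = re.compile(r"\bquery\s+A\s+(?P<name>[\w.\-]+)")


def match_line(line_no: int, line: str) -> list[Hit]:
    """Return every indicator hit for one log line (possibly none)."""
    hits: list[Hit] = []
    m = _CONNECT.search(line)
    if m:
        key = (m["host"].lower(), int(m["port"]))
        if key in C2_ENDPOINTS:
            hits.append(Hit(line_no, f"{key[0]}:{key[1]}", C2_ENDPOINTS[key], "high"))
        elif key[0] in C2_HOSTS:
            # Known C2 host on an unexpected port: operators rotate ports,
            # so keep it, but at medium confidence.
            hits.append(Hit(line_no, f"{key[0]}:{key[1]}", "c2-host", "medium"))
    m = _DNS.search(line)
    if m:
        name = m["name"].lower().rstrip(".")
        if name in C2_HOSTS:
            hits.append(Hit(line_no, name, "asyncrat/Default", "high"))
        elif name.endswith(DYNDNS_SUFFIXES):
            hits.append(Hit(line_no, name, "dyndns", "low"))
    return hits


def scan(lines: list[str]) -> list[Hit]:
    """Scan a list of log lines and collect hits in order."""
    out: list[Hit] = []
    for i, line in enumerate(lines, 1):
        out.extend(match_line(i, line))
    return out


# Constructed sample log (not real telemetry).
SAMPLE_LOG = [
    "2022-10-01T12:00:03Z query A sadcgvc.duckdns.org from 10.0.0.7",
    "2022-10-01T12:00:04Z CONNECT sadcgvc.duckdns.org:6606 pid=4120",
    "2022-10-01T12:00:09Z CONNECT 185.182.194.25:8251 pid=4120",
    "2022-10-01T12:00:15Z query A update.microsoft.com from 10.0.0.7",
    "2022-10-01T12:01:00Z query A other-host.duckdns.org from 10.0.0.9",
    "2022-10-01T12:01:02Z CONNECT 185.182.194.25:443 pid=5000",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Match the dynamic-DNS name, not the address it resolves to at analysis time: the whole point of a duckdns.org C2 is that the operator can repoint it, so an IP-only block list for the AsyncRAT endpoint goes stale while a hostname rule does not. The hard-coded RedLine IP is the opposite case and is fine to block directly.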

Targets

    • Target

      3e7038e7051f91070da933aba39a0d70b6d4ec0805f4fd4adb2222f46aab39c3

    • Size

      146KB

    • MD5

      f882f6c0b8bd0ed1fda637d8f314d255

    • SHA1

      981f1105ccbbc303c400a006b851122dbca74241

    • SHA256

      3e7038e7051f91070da933aba39a0d70b6d4ec0805f4fd4adb2222f46aab39c3

    • SHA512

      fbe43b35efa4fed01bcce9ce4475fcff22bebf1ac49a18d9d6b3581c95ce8ea16ee78c4d6b634b04a74fdf88a32726a393854ba467014064a7d35b7f2eb2d99c

    • SSDEEP

      3072:mdtX6r5bx/RnCa58nh0JlSI7FqdrCREk1:YqrJTCqfSiFqdrCOk1

    • AsyncRat

      AsyncRAT is an open-source .NET remote access trojan designed to remotely monitor and control other computers.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Async RAT payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Uses the VBS compiler for execution

      Runs vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework (not a VBScript engine). It is a signed system binary and is commonly used as the host process for process hollowing.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

      The AsyncRAT C2 uses a duckdns.org dynamic-DNS hostname; alert on the name rather than on the address it resolves to at analysis time.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the step in process hollowing that redirects a suspended process's entry point into injected code.
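Several of the behaviours above are individually noisy on an endpoint (Uninstall key reads, for instance, are routine), but they are telling when they co-occur in one process. The script below is an added example, not part of this report or of any sandbox's signature code, showing how to score those behaviours per PID from process, file and registry events. The event shape, field names, allow-lists, weights and threshold are assumptions, and the events are constructed to exercise the rules.

```python
"""Per-process scoring of the host behaviours listed in the signature
section: vbc.exe launched outside a build toolchain, browser credential
stores read by a non-browser, wallet files touched, Uninstall key
enumeration.

Added example, not part of the original report. Event fields, allow-lists,
weights and the threshold are assumptions; EVENTS are constructed.
"""
from __future__ import annotations

from collections import defaultdict

# Parents that normally spawn vbc.exe (assumed allow-list). Anything else is
# an injection/hollowing candidate, as in the "Uses the VBS compiler" signature.
VBC_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbcscompiler.exe"}
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
BROWSER_STORES = ("\\login data", "\\cookies", "\\web data", "\\logins.json")
WALLET_PATHS = ("\\wallet.dat", "\\electrum\\wallets\\", "\\exodus\\")
UNINSTALL_KEY = "\\software\\microsoft\\windows\\currentversion\\uninstall"

# Weight per finding (assumed). Weak signals only count when they co-occur
# with a strong one in the same PID.
WEIGHTS = {
    "vbc.exe started outside a build toolchain": 3,
    "browser credential store read by non-browser": 3,
    "cryptocurrency wallet file accessed": 2,
    "Uninstall key enumerated": 1,
}
THRESHOLD = 3


def _base(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(ev: dict) -> str | None:
    """Return the finding name for one event, or None if it is benign."""
    image = _base(ev["image"])
    if ev["type"] == "process":
        if image == "vbc.exe" and _base(ev["parent_image"]) not in VBC_PARENTS:
            return "vbc.exe started outside a build toolchain"
    elif ev["type"] == "file":
        path = ev["path"].lower()
        if path.endswith(BROWSER_STORES) and image not in BROWSER_IMAGES:
            return "browser credential store read by non-browser"
        if any(w in path for w in WALLET_PATHS):
            return "cryptocurrency wallet file accessed"
    elif ev["type"] == "registry":
        if UNINSTALL_KEY in ev["key"].lower():
            return "Uninstall key enumerated"
    return None


def score(events: list[dict]) -> dict[int, tuple[int, list[str]]]:
    """Aggregate findings per PID; keep PIDs whose total reaches THRESHOLD."""
    per_pid: dict[int, list[str]] = defaultdict(list)
    for ev in events:
        finding = evaluate(ev)
        if finding:
            per_pid[ev["pid"]].append(finding)
    result = {}
    for pid, findings in per_pid.items():
        total = sum(WEIGHTS[f] for f in findings)
        if total >= THRESHOLD:
            result[pid] = (total, findings)
    return result


# Constructed events (not real telemetry). PID 4120 models a hollowed vbc.exe
# doing stealer work; 7000, 9000 and 5555 are benign look-alikes.
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
CHROME_LOGINS = r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"
UNINSTALL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
EVENTS = [
    {"type": "process", "pid": 4120, "image": VBC,
     "parent_image": r"C:\Users\u\AppData\Local\Temp\setup.exe"},
    {"type": "process", "pid": 7000, "image": VBC,
     "parent_image": r"C:\Program Files\dotnet\dotnet.exe"},
    {"type": "file", "pid": 4120, "image": VBC, "path": CHROME_LOGINS},
    {"type": "file", "pid": 4120, "image": VBC,
     "path": r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"type": "registry", "pid": 4120, "image": VBC, "key": UNINSTALL},
    {"type": "file", "pid": 9000,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": CHROME_LOGINS},
    {"type": "registry", "pid": 5555, "image": r"C:\Windows\explorer.exe",
     "key": UNINSTALL},
]

if __name__ == "__main__":
    for pid, (total, findings) in score(EVENTS).items():
        print(pid, total, findings)
```

The browser and wallet rules key on the accessing image rather than on the path alone, because the path is read legitimately by the browser itself; the Uninstall-key rule is deliberately weight 1 so that explorer.exe enumerating installed software never reaches the threshold on its own.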

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic               Technique                      Signatures  ID
Execution            Scripting                      1           T1064
Defense Evasion      Scripting                      1           T1064
Credential Access    Credentials in Files           2           T1081
Discovery            Query Registry                 2           T1012
Discovery            System Information Discovery   2           T1082
Discovery            Peripheral Device Discovery    1           T1120
Collection           Data from Local System         2           T1005
Command and Control  Web Service                    1           T1102

The "Signatures" column is the number of triggered signatures mapped to each technique. Note that the report uses ATT&CK v6 IDs: Scripting (T1064) and Credentials in Files (T1081) are deprecated in later versions, with T1064 folded into T1059 Command and Scripting Interpreter and T1081 replaced by T1552.001 Unsecured Credentials: Credentials In Files.

Tasks