Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    62794bcc1fbf656453f96fa3c7d3db019963a805fa223bc4d2f8427d1294d50c

  • Size

    171KB

  • Sample

    221105-l2kqwahchm

  • MD5

    e5ba3869cadaeb82206a96d4749f1998

  • SHA1

    da714b64cb8ec12aa35b27c2f179cabd2ffa3335

  • SHA256

    62794bcc1fbf656453f96fa3c7d3db019963a805fa223bc4d2f8427d1294d50c

  • SHA512

    9248dbcddd6817f045d2778eea753828175881891b231bef5ade9d22400fb4213ab7643bdc303f06685aafd48562ce722dd29e806cb12165c25ae1e87ed5dcd8

  • SSDEEP

    3072:OgLaeRDcpY9KvuYF8LrN2hQSb7bEot4dfhQ+ibgTF6kD21qF2Gz:Oiao9KvuDLp2hGPCRb4FR

Score
10/10
asyncratredlinedefendersmartscrenmucksecurityhealthservicsmartscreendefendersystem guard runtimewindowsdefendersmarttscreeninfostealerrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

WindowsDefenderSmarttScreen

C2

217.64.31.3:9742

Mutex

WindowsDefenderSmarttScreen

Attributes
  • delay

    1

  • install

    false

  • install_file

    WindowsDefenderSmarttScreen.exe

  • install_folder

    %AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

SecurityHealthServic

C2

20.8.122.174:31682

Mutex

SecurityHealthServic

Attributes
  • delay

    3

  • install

    false

  • install_file

    SecurityHealthService

  • install_folder

    %AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

System Guard Runtime

C2

85.105.88.221:2531

Mutex

System Guard Runtime

Attributes
  • delay

    3

  • install

    false

  • install_file

    System Guard Runtime

  • install_folder

    %AppData%

aes.plain

Extracted

Family

asyncrat

Version

1.0.7

Botnet

SmartScreenDefender

C2

20.166.62.124:49264

Mutex

SmartScreenDefender

Attributes
  • delay

    1

  • install

    false

  • install_file

    SmartScreenDefender

  • install_folder

    %AppData%

aes.plain

Extracted

Family

redline

Botnet

muck

C2

20.126.112.157:16733

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

DefenderSmartScren

C2

217.64.31.3:8437

Mutex

DefenderSmartScren

Attributes
  • delay

    3

  • install

    false

  • install_file

    SecurityHealtheurvice.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      62794bcc1fbf656453f96fa3c7d3db019963a805fa223bc4d2f8427d1294d50c

    • Size

      171KB

    • MD5

      e5ba3869cadaeb82206a96d4749f1998

    • SHA1

      da714b64cb8ec12aa35b27c2f179cabd2ffa3335

    • SHA256

      62794bcc1fbf656453f96fa3c7d3db019963a805fa223bc4d2f8427d1294d50c

    • SHA512

      9248dbcddd6817f045d2778eea753828175881891b231bef5ade9d22400fb4213ab7643bdc303f06685aafd48562ce722dd29e806cb12165c25ae1e87ed5dcd8

    • SSDEEP

      3072:OgLaeRDcpY9KvuYF8LrN2hQSb7bEot4dfhQ+ibgTF6kD21qF2Gz:Oiao9KvuDLp2hGPCRb4FR

    Score
    10/10
    asyncratredlinedefendersmartscrenmucksecurityhealthservicsmartscreendefendersystem guard runtimewindowsdefendersmarttscreeninfostealerrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks