Overview

overview

10

Static

static

3

ReadPCIRegisters.exe

windows7-x64

10

ReadPCIRegisters.exe

windows10-2004-x64

10

WinRing0x64.dll

windows7-x64

1

WinRing0x64.dll

windows10-2004-x64

1

WinRing0x64.sys

windows7-x64

1

WinRing0x64.sys

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6fd9108779a2169de167db6fd0c463a7e7982b10b24af07a5e5223f7bf247ea2

  • Size

    1.0MB

  • Sample

    241102-ywwx6sxjcn

  • MD5

    c50af5a2044575e41b41bc3c380fdce2

  • SHA1

    74df3642d573bc4b9babb53ad10ac6fa7cb0cfe0

  • SHA256

    6fd9108779a2169de167db6fd0c463a7e7982b10b24af07a5e5223f7bf247ea2

  • SHA512

    641b1d02d9ded1e98f1b5f5bb57c8025992032706e20f9dddb707f7ab33dfae7c3638e59c2ee97e1bf01dc168d57554f5d8086f960363e9b193651614120db7f

  • SSDEEP

    24576:GxHCruhRZiEPLRC/dmJHkup7CsQp/P/d+qA1OLkQNeyDSOlmkPtzKj:GoihvPFHZiDp/P1+qAEheyDScFzKj

Score
10/10
redosdrudiscoverydownloaderloaderpersistence

Malware Config

Extracted

Family

redosdru

C2

http://120.46.52.231/NetSyst96.dll

Targets

    • Target

      ReadPCIRegisters.exe

    • Size

      1.3MB

    • MD5

      ea24df042e732db0122de161be0dd8fc

    • SHA1

      4a697d9a960f02c21d3e10e1a032867abe040db3

    • SHA256

      0b5479411aa07c990ac5d4a5e5c1b2a5d2ea1e8347b49aba2aab225667270e9a

    • SHA512

      5e0faa83fe6c9fb2fcacca96a3b4486e2ccb1894b20ff5e11d76fcf975dc6f3a232913668f3e89603e1088c41e6834989bcf6f715a0d1d678eebf463a423096e

    • SSDEEP

      24576:xnsJ39LyjbJkQFMhmC+6GD95vhkEp3W8AD/Dhd+y4lqJ8QdCYDoDNb:xnsHyjtk2MYC5GDfvhsvD/DX+y4onCYm

    Score
    10/10
    redosdrudiscoverydownloaderloaderpersistence

    • Redosdru

      Redosdru is a loader/downloader written in C++.

      loaderdownloaderredosdru

    • Redosdru family

      redosdru

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      WinRing0x64.dll

    • Size

      61KB

    • MD5

      eb31c77ef331ec4cbf7262cda4d1233a

    • SHA1

      ffeb0f08f18a4eca1bf8c4e827f9111ae3c64716

    • SHA256

      a746fd5728e7485f741cc330a279674bc8590b1b8007d8614046c49f58698485

    • SHA512

      b1143d419e278c1b09ad5d750d5dea1fa95ffaec1c0ee7d9c0d7160929981e1b5815fd45d6e0f8ab7aff1cae4518cb4baf1ed69441a040bb584024c99aaea0d0

    • SSDEEP

      1536:7Vz2GiL9ZooLCYtdm2R6CKQlqlLLuNsCMku1fT:Pw9ZooftdLTKBLLAsCMkk

    Score
    1/10
    behavioral3behavioral4

    • Target

      WinRing0x64.sys

    • Size

      14KB

    • MD5

      0c0195c48b6b8582fa6f6373032118da

    • SHA1

      d25340ae8e92a6d29f599fef426a2bc1b5217299

    • SHA256

      11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5

    • SHA512

      ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d

    • SSDEEP

      192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks