Malware Analysis Report

2025-01-18 09:17

Sample ID: 230808-jlztrabc82
Target: 662a5d4a94a2c4bb33ea35756afce582.exe
SHA256: 554b75cb65327d24a3b341c72a0a0acb8d17eb974f5d34b5abb44ce170142489
Tags: redline logsdiller cloud (tg: @logsdillabot) infostealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 554b75cb65327d24a3b341c72a0a0acb8d17eb974f5d34b5abb44ce170142489

Threat Level: Known bad

The file 662a5d4a94a2c4bb33ea35756afce582.exe was found to be: Known bad.

Malicious Activity Summary

redline logsdiller cloud (tg: @logsdillabot) infostealer

RedLine

Program crash

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-08-08 07:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-08-08 07:46

Reported: 2023-08-08 07:48

Platform: win7-20230712-en

Max time kernel: 121s

Max time network: 124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\662a5d4a94a2c4bb33ea35756afce582.exe"

Signatures

RedLine

infostealer redline

Processes

C:\Users\Admin\AppData\Local\Temp\662a5d4a94a2c4bb33ea35756afce582.exe

"C:\Users\Admin\AppData\Local\Temp\662a5d4a94a2c4bb33ea35756afce582.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted: 2023-08-08 07:46

Reported: 2023-08-08 07:48

Platform: win10v2004-20230703-en

Max time kernel: 139s

Max time network: 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\662a5d4a94a2c4bb33ea35756afce582.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\662a5d4a94a2c4bb33ea35756afce582.exe

"C:\Users\Admin\AppData\Local\Temp\662a5d4a94a2c4bb33ea35756afce582.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4428 -ip 4428

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 1148

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 2.77.109.52.in-addr.arpa udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp

Files
