Malware Analysis Report

2025-01-18 07:59

Sample ID 230812-rgt2psea2s
Target 960df7d3c618c90075d56b4da9d86a6a00fd8f8b48622fda33938e04356b08e7
SHA256 960df7d3c618c90075d56b4da9d86a6a00fd8f8b48622fda33938e04356b08e7
Tags
redline logsdiller cloud (tg: @logsdillabot) infostealer spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

960df7d3c618c90075d56b4da9d86a6a00fd8f8b48622fda33938e04356b08e7

Threat Level: Known bad

The file 960df7d3c618c90075d56b4da9d86a6a00fd8f8b48622fda33938e04356b08e7 was found to be: Known bad.

Malicious Activity Summary

redline logsdiller cloud (tg: @logsdillabot) infostealer spyware stealer

RedLine

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-12 14:10

Signatures

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-12 14:10

Reported

2023-08-12 14:12

Platform

win10-20230703-en

Max time kernel

125s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\960df7d3c618c90075d56b4da9d86a6a00fd8f8b48622fda33938e04356b08e7.exe"

Signatures

RedLine

infostealer redline

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Suspicious use of AdjustPrivilegeToken

Description              Indicator   Process                                                                                                            Target
Token: SeDebugPrivilege  N/A         C:\Users\Admin\AppData\Local\Temp\960df7d3c618c90075d56b4da9d86a6a00fd8f8b48622fda33938e04356b08e7.exe   N/A

Processes

C:\Users\Admin\AppData\Local\Temp\960df7d3c618c90075d56b4da9d86a6a00fd8f8b48622fda33938e04356b08e7.exe

"C:\Users\Admin\AppData\Local\Temp\960df7d3c618c90075d56b4da9d86a6a00fd8f8b48622fda33938e04356b08e7.exe"

Network

Country   Destination           Domain                       Proto
PL        51.83.170.21:19447                                 tcp
US        8.8.8.8:53            21.170.83.51.in-addr.arpa    udp
US        8.8.8.8:53            63.13.109.52.in-addr.arpa    udp
US        8.8.8.8:53            9.57.101.20.in-addr.arpa     udp
US        8.8.8.8:53            90.16.208.104.in-addr.arpa   udp

Files

memory/2348-123-0x00000000034F0000-0x000000000352F000-memory.dmp

memory/2348-122-0x00000000018F0000-0x0000000001919000-memory.dmp

memory/2348-124-0x0000000000400000-0x00000000018CE000-memory.dmp

memory/2348-125-0x00000000036E0000-0x00000000036F0000-memory.dmp

memory/2348-126-0x00000000037A0000-0x00000000037D8000-memory.dmp

memory/2348-127-0x00000000736A0000-0x0000000073D8E000-memory.dmp

memory/2348-129-0x00000000036E0000-0x00000000036F0000-memory.dmp

memory/2348-128-0x00000000036E0000-0x00000000036F0000-memory.dmp

memory/2348-130-0x0000000005F50000-0x000000000644E000-memory.dmp

memory/2348-131-0x0000000003B70000-0x0000000003BA4000-memory.dmp

memory/2348-132-0x00000000036D0000-0x00000000036D6000-memory.dmp

memory/2348-133-0x000000000B940000-0x000000000BF46000-memory.dmp

memory/2348-134-0x000000000BFA0000-0x000000000C0AA000-memory.dmp

memory/2348-135-0x000000000C0E0000-0x000000000C0F2000-memory.dmp

memory/2348-136-0x000000000C100000-0x000000000C13E000-memory.dmp

memory/2348-137-0x000000000C1A0000-0x000000000C1EB000-memory.dmp

memory/2348-138-0x0000000000400000-0x00000000018CE000-memory.dmp

memory/2348-139-0x00000000018F0000-0x0000000001919000-memory.dmp

memory/2348-140-0x00000000034F0000-0x000000000352F000-memory.dmp

memory/2348-141-0x00000000736A0000-0x0000000073D8E000-memory.dmp

memory/2348-142-0x000000000C2E0000-0x000000000C356000-memory.dmp

memory/2348-143-0x000000000C360000-0x000000000C3F2000-memory.dmp

memory/2348-144-0x000000000C400000-0x000000000C466000-memory.dmp

memory/2348-145-0x000000000CC00000-0x000000000CDC2000-memory.dmp

memory/2348-148-0x00000000036E0000-0x00000000036F0000-memory.dmp

memory/2348-147-0x000000000CDD0000-0x000000000D2FC000-memory.dmp

memory/2348-146-0x00000000036E0000-0x00000000036F0000-memory.dmp

memory/2348-149-0x000000000E390000-0x000000000E3E0000-memory.dmp

memory/2348-150-0x00000000036E0000-0x00000000036F0000-memory.dmp

memory/2348-153-0x0000000000400000-0x00000000018CE000-memory.dmp

memory/2348-154-0x00000000736A0000-0x0000000073D8E000-memory.dmp