Malware Analysis Report

2025-01-18 07:29

Sample ID 230813-l3kghacg7t
Target 879ac9b78fcedbc0534db2577cdf8bfcad6e3b5961c48baa4fe95bfb8de3917c_JC.exe
SHA256 879ac9b78fcedbc0534db2577cdf8bfcad6e3b5961c48baa4fe95bfb8de3917c
Tags redline logsdiller cloud (tg: @logsdillabot) infostealer
Score 10/10

Analysis Overview

Score

10/10

SHA256

879ac9b78fcedbc0534db2577cdf8bfcad6e3b5961c48baa4fe95bfb8de3917c

Threat Level: Known bad

The file 879ac9b78fcedbc0534db2577cdf8bfcad6e3b5961c48baa4fe95bfb8de3917c_JC.exe was found to be: Known bad.

Malicious Activity Summary

redline logsdiller cloud (tg: @logsdillabot) infostealer

RedLine

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-08-13 10:03

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-13 10:03

Reported

2023-08-13 10:06

Platform

win7-20230712-en

Max time kernel

141s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\879ac9b78fcedbc0534db2577cdf8bfcad6e3b5961c48baa4fe95bfb8de3917c_JC.exe"

Signatures

RedLine

infostealer redline

Processes

C:\Users\Admin\AppData\Local\Temp\879ac9b78fcedbc0534db2577cdf8bfcad6e3b5961c48baa4fe95bfb8de3917c_JC.exe

"C:\Users\Admin\AppData\Local\Temp\879ac9b78fcedbc0534db2577cdf8bfcad6e3b5961c48baa4fe95bfb8de3917c_JC.exe"

Network

Country Destination Domain Proto
NL 136.244.98.226:33587 - tcp (6 identical connections)

Files


Analysis: behavioral2

Detonation Overview

Submitted

2023-08-13 10:03

Reported

2023-08-13 10:06

Platform

win10v2004-20230703-en

Max time kernel

141s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\879ac9b78fcedbc0534db2577cdf8bfcad6e3b5961c48baa4fe95bfb8de3917c_JC.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\879ac9b78fcedbc0534db2577cdf8bfcad6e3b5961c48baa4fe95bfb8de3917c_JC.exe

"C:\Users\Admin\AppData\Local\Temp\879ac9b78fcedbc0534db2577cdf8bfcad6e3b5961c48baa4fe95bfb8de3917c_JC.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
NL 136.244.98.226:33587 - tcp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
NL 136.244.98.226:33587 - tcp
NL 136.244.98.226:33587 - tcp
US 8.8.8.8:53 45.8.109.52.in-addr.arpa udp
NL 136.244.98.226:33587 - tcp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
NL 136.244.98.226:33587 - tcp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp
NL 136.244.98.226:33587 - tcp

Files
