Malware Analysis Report

2025-01-18 07:45

Sample ID 230813-ztcxysgb5z
Target bfaf519df17ea5055fd195bfc24f2622340e7cd7bdac00a391ccc5a2f47a4c47
SHA256 bfaf519df17ea5055fd195bfc24f2622340e7cd7bdac00a391ccc5a2f47a4c47
Tags
redline logsdiller cloud (tg: @logsdillabot) infostealer spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bfaf519df17ea5055fd195bfc24f2622340e7cd7bdac00a391ccc5a2f47a4c47

Threat Level: Known bad

The file bfaf519df17ea5055fd195bfc24f2622340e7cd7bdac00a391ccc5a2f47a4c47 was found to be: Known bad.

Malicious Activity Summary

redline logsdiller cloud (tg: @logsdillabot) infostealer spyware stealer

RedLine

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-13 21:00

Signatures

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-13 21:00

Reported

2023-08-13 21:02

Platform

win10-20230703-en

Max time kernel

128s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bfaf519df17ea5055fd195bfc24f2622340e7cd7bdac00a391ccc5a2f47a4c47.exe"

Signatures

RedLine

infostealer redline

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Suspicious use of AdjustPrivilegeToken

Description               Indicator   Process                                                                                                             Target
Token: SeDebugPrivilege   N/A         C:\Users\Admin\AppData\Local\Temp\bfaf519df17ea5055fd195bfc24f2622340e7cd7bdac00a391ccc5a2f47a4c47.exe   N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bfaf519df17ea5055fd195bfc24f2622340e7cd7bdac00a391ccc5a2f47a4c47.exe

"C:\Users\Admin\AppData\Local\Temp\bfaf519df17ea5055fd195bfc24f2622340e7cd7bdac00a391ccc5a2f47a4c47.exe"

Network

Country   Destination          Domain                          Proto
PL        51.83.170.21:19447   (none)                          tcp
US        8.8.8.8:53           21.170.83.51.in-addr.arpa       udp
US        8.8.8.8:53           0.77.109.52.in-addr.arpa        udp
US        8.8.8.8:53           9.57.101.20.in-addr.arpa        udp
US        8.8.8.8:53           253.15.104.51.in-addr.arpa      udp

Files
