redline | d84ae6a1fe42df7886cbaec78b8433ab93a2ff54b0290754eb7b5315734904bb

Resubmissions

11/10/2023, 00:51 UTC

231011-a7gevsbe37 10

11/10/2023, 00:50 UTC

231011-a652tshd41 10

31/01/2023, 09:06 UTC

230131-k21xeshe3z 7

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 00:51 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RDR2CHEAT/PrimeXLauncher.exe
Size

159KB
MD5

0c2de2a3c96398428b0ce53ee8be212f
SHA1

348a9089ecdc242b2d729f642a70794d74c9a06b
SHA256

1331d10811b5b02f55f7a6fa0e957543c2c2ea5c9817518f97905b6038dfed93
SHA512

b767bb3487ddca3bfd8d998b675d149f06473190755d8b0402469ddfebfc4121384bd65107850036b67f72429bd8fca399b9b3ec54f088a49935f20ca5d3f0a3
SSDEEP

3072:OaAzRVKaMvVMLGXVJYkwOQKlTXSRBI1IVZQLv0e0Ut:OaAzRV9MMIF1IVZQLv

Score

10^/10

redline fondness infostealer

Malware Config

Extracted

Family

redline

Botnet

FONDNESS

89.22.234.180:40608

Attributes

auth_value
8dd80c7c3aad106b12e2f6a3afd7a250

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

C:\Users\Admin\AppData\Local\Temp\RDR2CHEAT\PrimeXLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\RDR2CHEAT\PrimeXLauncher.exe"
1⤵
PID:4108

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

23.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.159.190.20.in-addr.arpa

IN PTR

Response
DNS

254.21.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.21.238.8.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

54.120.234.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.120.234.20.in-addr.arpa

IN PTR

Response
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

126.210.247.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.210.247.8.in-addr.arpa

IN PTR

Response

89.22.234.180:40608

PrimeXLauncher.exe

260 B
5
89.22.234.180:40608

PrimeXLauncher.exe

260 B
5
89.22.234.180:40608

PrimeXLauncher.exe

260 B
5
89.22.234.180:40608

PrimeXLauncher.exe

260 B
5
89.22.234.180:40608

PrimeXLauncher.exe

260 B
5
89.22.234.180:40608

PrimeXLauncher.exe

260 B
5
89.22.234.180:40608

PrimeXLauncher.exe

208 B
4

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

23.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.159.190.20.in-addr.arpa
8.8.8.8:53

254.21.238.8.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

254.21.238.8.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

208.194.73.20.in-addr.arpa

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

140 B
156 B
2
1

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

54.120.234.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

54.120.234.20.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

126.210.247.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

126.210.247.8.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4108-0-0x0000000074970000-0x0000000075120000-memory.dmp

Filesize
7.7MB

Download
memory/4108-1-0x00000000001A0000-0x00000000001CE000-memory.dmp

Filesize
184KB

Download
memory/4108-2-0x0000000004FA0000-0x00000000055B8000-memory.dmp

Filesize
6.1MB

Download
memory/4108-3-0x0000000004A40000-0x0000000004A52000-memory.dmp

Filesize
72KB

Download
memory/4108-4-0x0000000004B70000-0x0000000004C7A000-memory.dmp

Filesize
1.0MB

Download
memory/4108-5-0x0000000004DA0000-0x0000000004DB0000-memory.dmp

Filesize
64KB

Download
memory/4108-6-0x0000000004AA0000-0x0000000004ADC000-memory.dmp

Filesize
240KB

Download
memory/4108-7-0x0000000004AE0000-0x0000000004B2C000-memory.dmp

Filesize
304KB

Download
memory/4108-8-0x0000000074970000-0x0000000075120000-memory.dmp

Filesize
7.7MB

Download
memory/4108-9-0x0000000004DA0000-0x0000000004DB0000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.