Malware Analysis Report

2025-03-15 05:13

Sample ID 231211-fhq6naefd8
Target 43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0
SHA256 43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0
Tags
redline livetraffic infostealer
Score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0

Threat Level: Known bad

The file 43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0 was found to be: Known bad.

Malicious Activity Summary

redline livetraffic infostealer

RedLine

RedLine payload

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-11 04:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-11 04:52

Reported

2023-12-11 04:57

Platform

win7-20231130-en

Max time kernel

299s

Max time network

296s

Command Line

"C:\Users\Admin\AppData\Local\Temp\43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0.exe"

Signatures

RedLine

infostealer redline

RedLine payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0.exe

"C:\Users\Admin\AppData\Local\Temp\43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0.exe"

Network

Country  Destination          Domain                       Proto
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp

Files

memory/3052-0-0x0000000000250000-0x000000000028C000-memory.dmp

memory/3052-5-0x0000000074450000-0x0000000074B3E000-memory.dmp

memory/3052-6-0x0000000004B80000-0x0000000004BC0000-memory.dmp

memory/3052-7-0x0000000074450000-0x0000000074B3E000-memory.dmp

memory/3052-8-0x0000000004B80000-0x0000000004BC0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-11 04:52

Reported

2023-12-11 04:57

Platform

win10-20231129-en

Max time kernel

295s

Max time network

298s

Command Line

"C:\Users\Admin\AppData\Local\Temp\43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0.exe"

Signatures

RedLine

infostealer redline

RedLine payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0.exe

"C:\Users\Admin\AppData\Local\Temp\43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0.exe"

Network

Country  Destination          Domain                       Proto
RU       77.105.132.87:20104                               tcp
US       8.8.8.8:53           114.110.16.96.in-addr.arpa   udp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
US       8.8.8.8:53           79.121.231.20.in-addr.arpa   udp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
US       8.8.8.8:53           180.178.17.96.in-addr.arpa   udp
US       8.8.8.8:53           5.181.190.20.in-addr.arpa    udp
US       8.8.8.8:53           178.223.142.52.in-addr.arpa  udp
US       8.8.8.8:53           95.221.229.192.in-addr.arpa  udp
US       8.8.8.8:53           175.21.199.152.in-addr.arpa  udp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
US       8.8.8.8:53           28.73.42.20.in-addr.arpa     udp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
US       8.8.8.8:53           173.178.17.96.in-addr.arpa   udp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp
RU       77.105.132.87:20104                               tcp

Files

memory/292-0-0x00000000027A0000-0x00000000027DC000-memory.dmp

memory/292-6-0x0000000007B20000-0x000000000801E000-memory.dmp

memory/292-7-0x00000000076C0000-0x0000000007752000-memory.dmp

memory/292-8-0x00000000078B0000-0x00000000078C0000-memory.dmp

memory/292-9-0x0000000002A70000-0x0000000002A7A000-memory.dmp

memory/292-5-0x0000000073C70000-0x000000007435E000-memory.dmp

memory/292-12-0x00000000089C0000-0x00000000089D2000-memory.dmp

memory/292-14-0x000000000A1C0000-0x000000000A20B000-memory.dmp

memory/292-13-0x000000000A180000-0x000000000A1BE000-memory.dmp

memory/292-11-0x000000000A290000-0x000000000A39A000-memory.dmp

memory/292-10-0x0000000008A30000-0x0000000009036000-memory.dmp

memory/292-15-0x0000000073C70000-0x000000007435E000-memory.dmp

memory/292-16-0x00000000078B0000-0x00000000078C0000-memory.dmp