Malware Analysis Report

2025-03-15 05:17

Sample ID 231218-fkm7saghgq
Target 84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e
SHA256 84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e
Tags
redline livetraffic infostealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e

Threat Level: Known bad

The file 84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e was found to be: Known bad.

Malicious Activity Summary

redline livetraffic infostealer

RedLine

RedLine payload

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-18 04:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-18 04:56

Reported

2023-12-18 05:01

Platform

win7-20231215-en

Max time kernel

279s

Max time network

293s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe"

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe

"C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe"

Network

Country  Destination           Domain  Proto
RU       77.105.132.87:17066   -       tcp
RU       77.105.132.87:17066   -       tcp
RU       77.105.132.87:17066   -       tcp
RU       77.105.132.87:17066   -       tcp
RU       77.105.132.87:17066   -       tcp
RU       77.105.132.87:17066   -       tcp
RU       77.105.132.87:17066   -       tcp
RU       77.105.132.87:17066   -       tcp
RU       77.105.132.87:17066   -       tcp
RU       77.105.132.87:17066   -       tcp
RU       77.105.132.87:17066   -       tcp

Files

memory/1728-0-0x00000000001D0000-0x000000000020C000-memory.dmp

memory/1728-5-0x0000000074910000-0x0000000074FFE000-memory.dmp

memory/1728-6-0x0000000007510000-0x0000000007550000-memory.dmp

memory/1728-7-0x0000000074910000-0x0000000074FFE000-memory.dmp

memory/1728-8-0x0000000007510000-0x0000000007550000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-18 04:56

Reported

2023-12-18 05:01

Platform

win10-20231215-en

Max time kernel

292s

Max time network

302s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe"

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe

"C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe"

Network

Country  Destination           Domain                          Proto
US       8.8.8.8:53            178.223.142.52.in-addr.arpa     udp
RU       77.105.132.87:17066   -                               tcp
US       8.8.8.8:53            48.229.111.52.in-addr.arpa      udp
RU       77.105.132.87:17066   -                               tcp
RU       77.105.132.87:17066   -                               tcp
US       8.8.8.8:53            91.16.208.104.in-addr.arpa      udp
US       8.8.8.8:53            240.143.123.92.in-addr.arpa     udp
RU       77.105.132.87:17066   -                               tcp
RU       77.105.132.87:17066   -                               tcp
RU       77.105.132.87:17066   -                               tcp
US       8.8.8.8:53            0.205.248.87.in-addr.arpa       udp
RU       77.105.132.87:17066   -                               tcp
RU       77.105.132.87:17066   -                               tcp
RU       77.105.132.87:17066   -                               tcp
RU       77.105.132.87:17066   -                               tcp

Files

memory/916-0-0x0000000001050000-0x000000000108C000-memory.dmp

memory/916-6-0x0000000007FB0000-0x00000000084AE000-memory.dmp

memory/916-7-0x0000000007B90000-0x0000000007C22000-memory.dmp

memory/916-8-0x0000000007D20000-0x0000000007D30000-memory.dmp

memory/916-9-0x0000000005100000-0x000000000510A000-memory.dmp

memory/916-5-0x0000000073E90000-0x000000007457E000-memory.dmp

memory/916-10-0x0000000009080000-0x0000000009686000-memory.dmp

memory/916-12-0x0000000009030000-0x0000000009042000-memory.dmp

memory/916-13-0x000000000A810000-0x000000000A84E000-memory.dmp

memory/916-14-0x000000000A850000-0x000000000A89B000-memory.dmp

memory/916-11-0x000000000A8E0000-0x000000000A9EA000-memory.dmp

memory/916-15-0x0000000073E90000-0x000000007457E000-memory.dmp

memory/916-16-0x0000000007D20000-0x0000000007D30000-memory.dmp