Malware Analysis Report

2025-01-22 09:23

Sample ID 240704-2gft7ashpm
Target 264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54
SHA256 264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54
Tags
newlogs redline infostealer
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54

Threat Level: Known bad

The file 264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54 was found to be: Known bad.

Malicious Activity Summary

newlogs redline infostealer

RedLine payload

Redline family

RedLine

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-04 22:32

Signatures

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Redline family

redline

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 22:32

Reported

2024-07-04 22:39

Platform

win7-20240704-en

Max time kernel

287s

Max time network

297s

Command Line

"C:\Users\Admin\AppData\Local\Temp\264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe"

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe

"C:\Users\Admin\AppData\Local\Temp\264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe"

Network

Country Destination Domain Proto Count
RU 85.28.47.7:17210 - tcp 12

All twelve connections in this detonation go to the same endpoint. No DNS query appears in the capture: the sample contacts the IP address directly rather than resolving a hostname first.

Files

memory/1888-0-0x000000007482E000-0x000000007482F000-memory.dmp

memory/1888-1-0x0000000000170000-0x00000000001C0000-memory.dmp

memory/1888-2-0x0000000074820000-0x0000000074F0E000-memory.dmp

memory/1888-3-0x000000007482E000-0x000000007482F000-memory.dmp

memory/1888-4-0x0000000074820000-0x0000000074F0E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 22:32

Reported

2024-07-04 22:39

Platform

win10-20240404-en

Max time kernel

289s

Max time network

299s

Command Line

"C:\Users\Admin\AppData\Local\Temp\264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe"

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe

"C:\Users\Admin\AppData\Local\Temp\264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe"

Network

Country Destination Domain Proto Count
RU 85.28.47.7:17210 - tcp 4
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp 1
US 20.231.121.79:80 - tcp 1
RU 85.28.47.7:17210 - tcp 2
US 8.8.8.8:53 27.173.189.20.in-addr.arpa udp 1
RU 85.28.47.7:17210 - tcp 2
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp 1
RU 85.28.47.7:17210 - tcp 2
US 8.8.8.8:53 215.169.36.23.in-addr.arpa udp 1
RU 85.28.47.7:17210 - tcp 2

The same 85.28.47.7:17210 endpoint is contacted twelve times on Windows 10 as on Windows 7, again with no forward DNS lookup for it. The in-addr.arpa queries are reverse (PTR) lookups sent to Google Public DNS for four unrelated addresses, none of which is the C2 address. The single TCP contact to 20.231.121.79:80 is not classified by the report and should not be treated as C2 on this evidence alone.
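The endpoint 85.28.47.7:17210 is the one indicator both detonations share, which makes it the natural pivot for a retrospective hunt. The script below is an added example and not part of the sandbox report: it parses constructed, tab-separated connection records (the column order ts, src, sport, dst, dport, proto is an assumption about the reader's telemetry), counts per-source hits on the C2 endpoint and on the lower-confidence 20.231.121.79:80 contact separately, and renders a Suricata-style rule for the C2 pair. The `ip_only` switch shows the recall/precision trade-off when only the address, not the port, is trusted; the sid passed to `suricata_rule` is a placeholder the caller chooses.

```python
"""Match the RedLine C2 endpoint recorded in this report against connection logs.

Added example; it is not part of the sandbox report. The log lines below are
constructed for illustration (tab-separated: ts, src, sport, dst, dport, proto;
the column order is an assumption about the reader's own telemetry).
"""
from collections import Counter
import ipaddress

# Indicator taken from the Network sections of behavioral1 and behavioral2.
C2_ENDPOINTS = {("85.28.47.7", 17210)}

# Contact seen only in behavioral2 that the report does not classify; reported
# at lower confidence rather than treated as C2.
SECONDARY_ENDPOINTS = {("20.231.121.79", 80)}

# Constructed sample telemetry (not from the report); last line is deliberately malformed.
SAMPLE_CONN_LOG = """\
1720132330.1\t10.0.0.15\t49711\t85.28.47.7\t17210\ttcp
1720132331.4\t10.0.0.15\t49712\t8.8.8.8\t53\tudp
1720132335.2\t10.0.0.15\t49713\t20.231.121.79\t80\ttcp
1720132340.9\t10.0.0.22\t51002\t85.28.47.7\t17210\ttcp
1720132341.0\t10.0.0.22\t51003\t93.184.216.34\t443\ttcp
1720132342.0\t10.0.0.31\t51010\t85.28.47.7\t443\ttcp
malformed line
"""


def parse_conn_log(text):
    """Yield (ts, src, dst, dport, proto) per well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 6:
            continue
        ts, src, _sport, dst, dport, proto = parts
        try:
            ipaddress.ip_address(dst)          # reject non-IP destinations
            yield float(ts), src, dst, int(dport), proto.lower()
        except ValueError:
            continue


def match_iocs(text, ip_only=False):
    """Return {src: Counter(c2=n, secondary=m)} for sources that touched an IOC.

    ip_only=True matches on destination address alone (for the case where the
    operator rotates the port); it trades precision for recall.
    """
    hits = {}
    c2_ips = {ip for ip, _ in C2_ENDPOINTS}
    sec_ips = {ip for ip, _ in SECONDARY_ENDPOINTS}
    for _ts, src, dst, dport, proto in parse_conn_log(text):
        if proto != "tcp":                   # both IOCs are TCP endpoints
            continue
        key = (dst, dport)
        if key in C2_ENDPOINTS or (ip_only and dst in c2_ips):
            hits.setdefault(src, Counter())["c2"] += 1
        elif key in SECONDARY_ENDPOINTS or (ip_only and dst in sec_ips):
            hits.setdefault(src, Counter())["secondary"] += 1
    return hits


def suricata_rule(ip, port, sid):
    """Render a Suricata/Snort-style rule for one C2 endpoint; sid is chosen by the caller."""
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine C2 {ip}:{port}"; flow:to_server; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for src, counts in match_iocs(SAMPLE_CONN_LOG).items():
        print(src, dict(counts))
    for ip, port in sorted(C2_ENDPOINTS):
        print(suricata_rule(ip, port, 9000001))   # 9000001 is a placeholder sid
```

With the constructed log, 10.0.0.15 and 10.0.0.22 both show a C2 hit, and 10.0.0.31 (same address, port 443) only appears when `ip_only=True`; that is the row you would review by hand before escalating.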

Files

memory/4676-0-0x00000000736FE000-0x00000000736FF000-memory.dmp

memory/4676-1-0x0000000000570000-0x00000000005C0000-memory.dmp

memory/4676-2-0x0000000005270000-0x000000000576E000-memory.dmp

memory/4676-3-0x0000000004E50000-0x0000000004EE2000-memory.dmp

memory/4676-4-0x0000000004E20000-0x0000000004E2A000-memory.dmp

memory/4676-5-0x00000000736F0000-0x0000000073DDE000-memory.dmp

memory/4676-6-0x0000000005D80000-0x0000000006386000-memory.dmp

memory/4676-7-0x0000000005770000-0x000000000587A000-memory.dmp

memory/4676-8-0x0000000005070000-0x0000000005082000-memory.dmp

memory/4676-9-0x00000000050F0000-0x000000000512E000-memory.dmp

memory/4676-10-0x0000000005130000-0x000000000517B000-memory.dmp

memory/4676-11-0x00000000736FE000-0x00000000736FF000-memory.dmp

memory/4676-12-0x00000000736F0000-0x0000000073DDE000-memory.dmp
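The dump names above encode the PID, a capture index and the virtual address range of each region. The parser below is an added example, not part of the sandbox report or the sandbox's own tooling; it takes the naming pattern memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp from the entries on this page, computes each region's size, reports ranges that were captured more than once within a detonation, and lists sizes that occur in both PIDs. It does not infer what each region holds (main image, runtime module, heap); that would need the dump contents, not the file names.

```python
"""Parse the memory-dump names listed under Files and summarise the captured regions.

Added example; it is not part of the sandbox report. The naming pattern
memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp is taken from the entries
on this page. Only sizes and repeats are derived; which region is the main
image, a runtime module or a heap is not inferred from names alone.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Entries copied from behavioral1 (PID 1888) and behavioral2 (PID 4676).
DUMP_NAMES = [
    "memory/1888-0-0x000000007482E000-0x000000007482F000-memory.dmp",
    "memory/1888-1-0x0000000000170000-0x00000000001C0000-memory.dmp",
    "memory/1888-2-0x0000000074820000-0x0000000074F0E000-memory.dmp",
    "memory/1888-3-0x000000007482E000-0x000000007482F000-memory.dmp",
    "memory/1888-4-0x0000000074820000-0x0000000074F0E000-memory.dmp",
    "memory/4676-0-0x00000000736FE000-0x00000000736FF000-memory.dmp",
    "memory/4676-1-0x0000000000570000-0x00000000005C0000-memory.dmp",
    "memory/4676-2-0x0000000005270000-0x000000000576E000-memory.dmp",
    "memory/4676-3-0x0000000004E50000-0x0000000004EE2000-memory.dmp",
    "memory/4676-4-0x0000000004E20000-0x0000000004E2A000-memory.dmp",
    "memory/4676-5-0x00000000736F0000-0x0000000073DDE000-memory.dmp",
    "memory/4676-6-0x0000000005D80000-0x0000000006386000-memory.dmp",
    "memory/4676-7-0x0000000005770000-0x000000000587A000-memory.dmp",
    "memory/4676-8-0x0000000005070000-0x0000000005082000-memory.dmp",
    "memory/4676-9-0x00000000050F0000-0x000000000512E000-memory.dmp",
    "memory/4676-10-0x0000000005130000-0x000000000517B000-memory.dmp",
    "memory/4676-11-0x00000000736FE000-0x00000000736FF000-memory.dmp",
    "memory/4676-12-0x00000000736F0000-0x0000000073DDE000-memory.dmp",
]


def parse_dump_name(name):
    """Return {pid, idx, start, end, size} or None for a name that does not fit."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:                     # reject inverted or empty ranges
        return None
    return {"pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def summarise(names):
    """Per PID: region count, largest region, and ranges captured more than once."""
    by_pid = defaultdict(list)
    for name in names:
        region = parse_dump_name(name)
        if region:
            by_pid[region["pid"]].append(region)
    out = {}
    for pid, regions in by_pid.items():
        seen = defaultdict(list)
        for r in regions:
            seen[(r["start"], r["end"])].append(r["idx"])
        big = max(regions, key=lambda r: r["size"])
        out[pid] = {
            "count": len(regions),
            "largest": (big["start"], big["end"], big["size"]),
            "repeated": {rng: idxs for rng, idxs in seen.items() if len(idxs) > 1},
        }
    return out


def shared_region_sizes(names):
    """Region sizes present in every PID's dump set (candidates for the same mapping on both platforms)."""
    by_pid = defaultdict(set)
    for name in names:
        region = parse_dump_name(name)
        if region:
            by_pid[region["pid"]].add(region["size"])
    return set.intersection(*by_pid.values()) if by_pid else set()


if __name__ == "__main__":
    for pid, info in summarise(DUMP_NAMES).items():
        print(pid, info["count"], "regions, largest 0x%X bytes" % info["largest"][2])
    print("sizes seen in both PIDs:", sorted(hex(s) for s in shared_region_sizes(DUMP_NAMES)))
```

On this page's entries the 0x50000-byte region (0x170000 on Win7, 0x570000 on Win10) and the 0x6EE000-byte region (0x74820000 on Win7, 0x736F0000 on Win10) are the same size in both detonations, and in both the large region and the single page inside it were captured twice; those are the dumps to open first when you want the unpacked payload rather than the loader.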