Malware Analysis Report

2025-01-22 09:12

Sample ID 240705-apnq8axflj
Target Loader (1).zip
SHA256 40d6861fe84821ca8a2d3f226ac49f6406dada0a1504592dd86fb25b0136b896
Tags: redline infostealer
Score: 10/10


Analysis Overview

score
10/10

SHA256

40d6861fe84821ca8a2d3f226ac49f6406dada0a1504592dd86fb25b0136b896

Threat Level: Known bad

The file Loader (1).zip was found to be: Known bad.

Malicious Activity Summary

redline infostealer

RedLine

RedLine payload

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-05 00:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-05 00:23

Reported

2024-07-05 00:25

Platform

win7-20240611-en

Max time kernel

101s

Max time network

103s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Loader (1).zip"

Signatures

RedLine

infostealer redline

RedLine payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Loader (1).zip"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Loader\G£àpasswordG£à--free.txt

C:\Users\Admin\Desktop\Loader\loader.exe

"C:\Users\Admin\Desktop\Loader\loader.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Loader\tpm\sys-2023-10-01-074053 (2).log

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Loader\tpm\sys-2023-10-01-074053.log

Network

Country  Destination          Domain  Proto
NL       45.15.156.142:33597          tcp
NL       45.15.156.142:33597          tcp

Files

memory/376-0-0x0000000000280000-0x00000000002D0000-memory.dmp

memory/376-4-0x0000000073CFE000-0x0000000073CFF000-memory.dmp

memory/376-5-0x0000000073CFE000-0x0000000073CFF000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-05 00:23

Reported

2024-07-05 00:26

Platform

win10v2004-20240704-en

Max time kernel

94s

Max time network

130s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Loader (1).zip"

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Loader (1).zip"

Network

Country  Destination  Domain                       Proto
US       8.8.8.8:53   64.159.190.20.in-addr.arpa   udp
US       8.8.8.8:53   26.35.223.20.in-addr.arpa    udp
US       8.8.8.8:53   13.227.111.52.in-addr.arpa   udp

Files

N/A