General
Target: 85b1b1e357039975bd20490c39597e10_NEIKI
Size: 1.1MB
Sample: 240508-2rckhsea96
MD5: 85b1b1e357039975bd20490c39597e10
SHA1: 94f5d104a72f8080b6ead819cafadb8e8bba346d
SHA256: 17e989968f9c8168fe118098ed7ecf6e15c476d21662ff9f7207d0cb23f4320b
SHA512: f0341e82d8bfb6966f41bc9c1c61de7f4680328cc0bc86f3c8feb9e39aeb68f704f18ed50085946f41813ef1eb2ef4469237f59ddded5ade9b33d583f93093f1
SSDEEP: 24576:CyPS4sdckhDybKfBQlcfYXvyuHqphvAlx/K76ora0X/7wCRmOWwb4:pPS2kh+WeEevdKphvc/nMXsYNf
Static task: static1
Behavioral task: behavioral1
Sample: 85b1b1e357039975bd20490c39597e10_NEIKI.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: redline
  horda
  194.49.94.152:19053
Extracted: risepro
  194.49.94.152
Targets
Target: 85b1b1e357039975bd20490c39597e10_NEIKI
Size: 1.1MB
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext