General

  • Target

    24113d3ed2dc8ba8789b2874addb0750_NEIKI

  • Size

    307KB

  • Sample

    240508-j5j8eade68

  • MD5

    24113d3ed2dc8ba8789b2874addb0750

  • SHA1

    2901dff1dd1b5b619d48c8d04d22c185922e651b

  • SHA256

    94cb7f4064a3c804b1fa19c3f5dc17ae361ced8153e20bd02842c65e16d1e3ae

  • SHA512

    409754870b1cf18269d84a798f69e11cb54540d12217fc0674524ef0e3d42ce38d199d45b7e1b7cb96a70fff87704561b6208bb58bc2628881b9a3d7422aecc7

  • SSDEEP

    6144:Kxy+bnr++p0yN90QEA5F5OYc1u31g4TBylzQbR/JOF:HMriy90mxc1u31TTEtQb1JOF

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
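The signatures above are generic behavioural checks rather than family-specific detections. As an added example, not part of this report or the sandbox's own code, the following Python reproduces three of them (Defender real-time protection tampering, Run-key persistence, and execution of a dropped executable) from Sysmon-style EventID 11, 1 and 13 records. The event records and file paths are constructed for illustration, and the registry locations are the standard Windows ones, assumed rather than taken from the report, which names no keys.

```python
"""Reproduce the behaviour signatures listed above from Sysmon-style events.

Added example, not part of the sandbox report. The event records below are
constructed for illustration; the registry paths are the documented Windows
locations for Defender policy and Run-key persistence, which the report does
not name, so treat them as assumptions about what the signatures match on.
"""

# Defender policy key holding the Disable* real-time protection DWORDs (assumed).
DEFENDER_RTP_KEY = r"\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
# Per-user / machine autostart key (assumed).
RUN_KEY = r"\Software\Microsoft\Windows\CurrentVersion\Run"

SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_RUNKEY = "Adds Run key to start application"
SIG_DROPPED_EXE = "Executes dropped EXE"


def _norm(path):
    """Case-fold and use backslashes so comparisons are hive/case insensitive."""
    return path.replace("/", "\\").lower()


def classify_registry_event(evt):
    """Signatures matched by one Sysmon EventID 13 (RegistryEvent: value set) record."""
    hits = []
    if evt.get("EventID") != 13:
        return hits
    target = _norm(evt.get("TargetObject", ""))
    details = str(evt.get("Details", "")).strip().upper()
    if _norm(DEFENDER_RTP_KEY) + "\\" in target:
        value_name = target.rsplit("\\", 1)[-1]
        # Only flag Disable* values being set to 1; writing 0 re-enables protection.
        if value_name.startswith("disable") and details in ("DWORD (0X00000001)", "1"):
            hits.append(SIG_DEFENDER)
    if _norm(RUN_KEY) + "\\" in target:
        hits.append(SIG_RUNKEY)
    return hits


def scan(events):
    """Walk events in order and return {signature: [(actor, object), ...]}.

    FileCreate (EventID 11) of an .exe is remembered; a later ProcessCreate
    (EventID 1) whose Image is that path is the 'Executes dropped EXE' signal.
    """
    findings = {}
    dropped = {}  # normalised path -> image that wrote it
    for evt in events:
        eid = evt.get("EventID")
        if eid == 11:
            fname = _norm(evt.get("TargetFilename", ""))
            if fname.endswith(".exe"):
                dropped[fname] = evt.get("Image", "")
        elif eid == 1:
            image = _norm(evt.get("Image", ""))
            if image in dropped:
                findings.setdefault(SIG_DROPPED_EXE, []).append(
                    (dropped[image], evt.get("Image", "")))
        elif eid == 13:
            for sig in classify_registry_event(evt):
                findings.setdefault(sig, []).append(
                    (evt.get("Image", ""), evt.get("TargetObject", "")))
    return findings


# Constructed sample telemetry (not from the sandbox run); paths are illustrative.
STAGER = r"C:\Users\user\Desktop\24113d3ed2dc8ba8789b2874addb0750_NEIKI.exe"
PAYLOAD = r"C:\Users\user\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": STAGER, "TargetFilename": PAYLOAD},
    {"EventID": 1, "Image": PAYLOAD, "ParentImage": STAGER},
    {"EventID": 13, "Image": PAYLOAD,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": PAYLOAD,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000000)"},  # value 0 re-enables: must not fire
    {"EventID": 13, "Image": PAYLOAD,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": PAYLOAD},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Classes\Local Settings\MuiCache\foo",
     "Details": "Foo"},  # benign registry noise
]

if __name__ == "__main__":
    for sig, items in scan(SAMPLE_EVENTS).items():
        print(sig)
        for actor, obj in items:
            print("   ", actor, "->", obj)
```

The Defender check deliberately ignores writes of 0 so that a policy being restored does not fire, and the dropped-EXE correlation relies on event order (file written before the process is created), which is how Sysmon emits them on a single host.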

MITRE ATT&CK Enterprise v15

Tasks