General

  • Target

    874f0118364b3b6a779c152eef6a80d0_NEIKI

  • Size

    828KB

  • Sample

    240508-nmqppacg83

  • MD5

    874f0118364b3b6a779c152eef6a80d0

  • SHA1

    682a22a08a05b309bfe80a4894e93de0d892c6e3

  • SHA256

    02c468753c3abc1ed70a55f0cdede5c47b32a80c068348be67471e5e1d88104c

  • SHA512

    10670d9e51d3fff3c91facd3f6fa6bcf1d165156364134a77863626dfcb8a3dba6772dd8388d80417f6eb78598b9a6c689187e45f4f9470286bc23a0a0506642

  • SSDEEP

    24576:Ny+vejioKutJaKLrDRqb8gA6butMvZxRPp:onjiohrrNo57F

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks