General
-
Target
de6ec5ecd0fb5df9bb61356bdb613720_NEIKI
-
Size
1.3MB
-
Sample
240509-dyw1qsah26
-
MD5
de6ec5ecd0fb5df9bb61356bdb613720
-
SHA1
012d12d0c983d46dbe8070afed6cd1fe3b822059
-
SHA256
2205cde9df1fff80fa78b0e7a0306504a5024986b4ca6712664e77dba9b3d42d
-
SHA512
fd115ab8626f100dd1a54c94d641e3ac4dded2de53ae9e705b9ac0a261ae07c3d311465d7496cf7a6a8dbe5ee6058e6a5c5300d68771621e5023d035637eee21
-
SSDEEP
24576:GyrAD4RJwD6pFRJDp1GBNaZAKf6BcmP+oJeWNzB/I1YGrpHuVz:VsDKJwD6P/Fj6B5GwNzBAVUV
Static task
static1
Behavioral task
behavioral1
Sample
de6ec5ecd0fb5df9bb61356bdb613720_NEIKI.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
redline
horda
194.49.94.152:19053
Extracted
risepro
194.49.94.152
Targets
-
-
Target
de6ec5ecd0fb5df9bb61356bdb613720_NEIKI
-
Size
1.3MB
-
MD5
de6ec5ecd0fb5df9bb61356bdb613720
-
SHA1
012d12d0c983d46dbe8070afed6cd1fe3b822059
-
SHA256
2205cde9df1fff80fa78b0e7a0306504a5024986b4ca6712664e77dba9b3d42d
-
SHA512
fd115ab8626f100dd1a54c94d641e3ac4dded2de53ae9e705b9ac0a261ae07c3d311465d7496cf7a6a8dbe5ee6058e6a5c5300d68771621e5023d035637eee21
-
SSDEEP
24576:GyrAD4RJwD6pFRJDp1GBNaZAKf6BcmP+oJeWNzB/I1YGrpHuVz:VsDKJwD6P/Fj6B5GwNzBAVUV
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-