General
- Target: fd7dcacb69826ecd52753daee902fed0_NEIKI
- Size: 1.1MB
- Sample: 240509-ftshvsfc32
- MD5: fd7dcacb69826ecd52753daee902fed0
- SHA1: 132dcdc2e011cc38bc4b84a100576f8b7dc87ca5
- SHA256: 19f388719fc70cea55990d9671795d053d4b60127b65313a4c06fc3188ae068f
- SHA512: 1f570c480536e4ab81af6a2594b3b247f93532c80eff4d0703d9a5788cbcb244d944e4f2a05ee0b980d8be008440375bae39326296b8f9f379d5e9a1e1aafe73
- SSDEEP: 24576:uyZKgG/zR5rPl0JGuEGRnF0W9zMZliurcMdygnRrfiQ7k:94/z7qJHEGRF0G4CurcM7taQ
- Static task: static1
- Behavioral task: behavioral1
- Sample: fd7dcacb69826ecd52753daee902fed0_NEIKI.exe
- Resource: win10v2004-20240508-en
Malware Config
- Extracted: redline, horda, 194.49.94.152:19053
- Extracted: risepro, 194.49.94.152
Targets
- Target: fd7dcacb69826ecd52753daee902fed0_NEIKI
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext