redline | 9f9a7e912849a7a29954eae21cfb3129d40e9b9011304f62457a27e44ca142ea

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5f5471042ed8e96c7565fd2f16eac30_NeikiAnalytics.exe
Size

461KB
MD5

a5f5471042ed8e96c7565fd2f16eac30
SHA1

7348c3977d5a43231a787f48880a308fc10b3ea3
SHA256

9f9a7e912849a7a29954eae21cfb3129d40e9b9011304f62457a27e44ca142ea
SHA512

c07c3a9dc98d7cde712fdef017f661ad05992f3c2cb204f1e72282b1b673fb82c293df9796e8d118af9b31789c806972bce63c7af04440e7455c341abc0b021f
SSDEEP

6144:/hNEikahFTvEVWj6Sy6I3Wkulax67a3+xwSAkZRon/KayddG:JNxkahFTveW2GAWkulT7DLfdG

Score

10^/10

redline zgrat infostealer rat

Malware Config

Signatures

Detect ZGRat V1 35 IoCs

resource	yara_rule
behavioral2/memory/1884-5-0x0000000002760000-0x000000000279C000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-7-0x0000000002AD0000-0x0000000002B0A000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-13-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-21-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-69-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-67-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-66-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-61-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-59-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-57-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-55-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-53-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-51-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-49-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-47-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-45-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-41-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-39-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-37-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-35-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-33-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-31-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-29-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-27-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-23-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-19-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-17-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-15-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-71-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-63-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-43-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-25-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-11-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-9-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1
behavioral2/memory/1884-8-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 35 IoCs

resource	yara_rule
behavioral2/memory/1884-5-0x0000000002760000-0x000000000279C000-memory.dmp	family_redline
behavioral2/memory/1884-7-0x0000000002AD0000-0x0000000002B0A000-memory.dmp	family_redline
behavioral2/memory/1884-13-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-21-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-69-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-67-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-66-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-61-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-59-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-57-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-55-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-53-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-51-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-49-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-47-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-45-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-41-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-39-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-37-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-35-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-33-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-31-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-29-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-27-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-23-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-19-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-17-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-15-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-71-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-63-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-43-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-25-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-11-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-9-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline
behavioral2/memory/1884-8-0x0000000002AD0000-0x0000000002B05000-memory.dmp	family_redline

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1884	a5f5471042ed8e96c7565fd2f16eac30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a5f5471042ed8e96c7565fd2f16eac30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a5f5471042ed8e96c7565fd2f16eac30_NeikiAnalytics.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-1-0x0000000000870000-0x0000000000970000-memory.dmp

Filesize
1024KB

Download
memory/1884-2-0x0000000002440000-0x0000000002486000-memory.dmp

Filesize
280KB

Download
memory/1884-3-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/1884-4-0x0000000000400000-0x0000000000817000-memory.dmp

Filesize
4.1MB

Download
memory/1884-5-0x0000000002760000-0x000000000279C000-memory.dmp

Filesize
240KB

Download
memory/1884-6-0x00000000050A0000-0x0000000005644000-memory.dmp

Filesize
5.6MB

Download
memory/1884-7-0x0000000002AD0000-0x0000000002B0A000-memory.dmp

Filesize
232KB

Download
memory/1884-13-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-21-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-69-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-67-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-66-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-61-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-59-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-57-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-55-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-53-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-51-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-49-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-47-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-45-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-41-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-39-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-37-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-35-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-33-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-31-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-29-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-27-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-23-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-19-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-17-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-15-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-71-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-63-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-43-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-25-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-11-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-9-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-8-0x0000000002AD0000-0x0000000002B05000-memory.dmp

Filesize
212KB

Download
memory/1884-800-0x0000000007AD0000-0x00000000080E8000-memory.dmp

Filesize
6.1MB

Download
memory/1884-801-0x0000000005040000-0x0000000005052000-memory.dmp

Filesize
72KB

Download
memory/1884-802-0x00000000080F0000-0x00000000081FA000-memory.dmp

Filesize
1.0MB

Download
memory/1884-803-0x0000000008200000-0x000000000823C000-memory.dmp

Filesize
240KB

Download
memory/1884-804-0x0000000002910000-0x000000000295C000-memory.dmp

Filesize
304KB

Download
memory/1884-805-0x0000000000870000-0x0000000000970000-memory.dmp

Filesize
1024KB

Download
memory/1884-807-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads