General
Target: d25f89fd6e7ef5403b4a7ec4c1890da0_NeikiAnalytics
Size: 409KB
Sample: 240510-nmex7afb53
MD5: d25f89fd6e7ef5403b4a7ec4c1890da0
SHA1: bf0e6c72d1e92db96cb5d07dc77571ed8b2ccadf
SHA256: ed4895ba2b3535cf68f0a5a2a29a401498891fc8741543b4e8f2ba58b6622f3e
SHA512: 29e9b9d44ddaab94042b8245a9c7e01148d63cac63975b81c7b7ade83cfa9016f41e39db6e24d80b87d3b1164d7f4a0dee804fb6f3d89093d14fc86824200ed9
SSDEEP: 6144:6FQp0yN90QE2lUNiGYBsyKojCDI1VzepfsHLIzzb5hMa2665l/nRTXS:Gy90glUNiTBsyxCDI1Vzq0HsznMP5rS
Static task
static1
Behavioral task
behavioral1
Sample
d25f89fd6e7ef5403b4a7ec4c1890da0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
Target
d25f89fd6e7ef5403b4a7ec4c1890da0_NeikiAnalytics
Detect ZGRat V1

Detects Healer an antivirus disabler dropper

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)