redline | eff8e0cdae3cb62e5abaac7fda132026f5a87e51bfd4cbe64c1a825fd04518de

Analysis

max time kernel
141s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ed7efc08e7e9b91ac6d1f92103d10a0_NeikiAnalytics.exe
Size

341KB
MD5

9ed7efc08e7e9b91ac6d1f92103d10a0
SHA1

2b74cdc51c9b661a35b6c66b9efb35324f011003
SHA256

eff8e0cdae3cb62e5abaac7fda132026f5a87e51bfd4cbe64c1a825fd04518de
SHA512

8e8e99577a95017cc2138c62e96369e1a13869de5b975ab6ee6de27c5c6490b50f20dc833c9406b1195b1d906fe9d66a127053277f45364e3297fddd721408ce
SSDEEP

6144:nYhZIJqcfqBbZVj2UVir0JNciLlhNcTy3mPY/1Fyj:YfUqcfqBzj28ir0JBh2qmQ/Pyj

Score

10^/10

redline zgrat infostealer rat

Malware Config

Signatures

Detect ZGRat V1 35 IoCs

resource	yara_rule
behavioral1/memory/2180-5-0x0000000001E50000-0x0000000001E8C000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-6-0x0000000002090000-0x00000000020CA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-7-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-40-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-64-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-70-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-68-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-66-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-62-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-60-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-59-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-56-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-54-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-52-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-50-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-48-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-46-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-44-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-42-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-38-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-37-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-34-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-32-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-31-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-28-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-27-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-24-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-22-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-20-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-18-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-16-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-14-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-12-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-10-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1
behavioral1/memory/2180-8-0x0000000002090000-0x00000000020C5000-memory.dmp	family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 35 IoCs

resource	yara_rule
behavioral1/memory/2180-5-0x0000000001E50000-0x0000000001E8C000-memory.dmp	family_redline
behavioral1/memory/2180-6-0x0000000002090000-0x00000000020CA000-memory.dmp	family_redline
behavioral1/memory/2180-7-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-40-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-64-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-70-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-68-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-66-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-62-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-60-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-59-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-56-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-54-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-52-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-50-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-48-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-46-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-44-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-42-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-38-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-37-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-34-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-32-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-31-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-28-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-27-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-24-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-22-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-20-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-18-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-16-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-14-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-12-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-10-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline
behavioral1/memory/2180-8-0x0000000002090000-0x00000000020C5000-memory.dmp	family_redline

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2180	9ed7efc08e7e9b91ac6d1f92103d10a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9ed7efc08e7e9b91ac6d1f92103d10a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9ed7efc08e7e9b91ac6d1f92103d10a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2180-1-0x0000000000510000-0x0000000000610000-memory.dmp

Filesize
1024KB

Download
memory/2180-2-0x00000000002D0000-0x0000000000316000-memory.dmp

Filesize
280KB

Download
memory/2180-3-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/2180-4-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2180-5-0x0000000001E50000-0x0000000001E8C000-memory.dmp

Filesize
240KB

Download
memory/2180-6-0x0000000002090000-0x00000000020CA000-memory.dmp

Filesize
232KB

Download
memory/2180-7-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-40-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-64-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-70-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-68-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-66-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-62-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-60-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-59-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-56-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-54-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-52-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-50-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-48-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-46-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-44-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-42-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-38-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-37-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-34-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-32-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-31-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-28-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-27-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-24-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-22-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-20-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-18-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-16-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-14-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-12-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-10-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-8-0x0000000002090000-0x00000000020C5000-memory.dmp

Filesize
212KB

Download
memory/2180-800-0x0000000000510000-0x0000000000610000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads