General
Target: 5c07ea21ef1f3ef273137ed884ae80c0_NeikiAnalytics
Size: 307KB
Sample: 240515-b3fs7sbd86
MD5: 5c07ea21ef1f3ef273137ed884ae80c0
SHA1: dd3e6f15c033949fbacd0eb5717fa5b9f1867515
SHA256: 6bc897b2628233ed80a62fd1df052f4e8d65dd70c9d40aada7a17519d9293e6c
SHA512: c6f55bf84c7ad4d7c2d930ed452e76c7c3d520e94283811e7c6de3708764c7e5b63d00e96e2bd3f519daae9ab5d2f189b440740ad653be166391e2c7ffa475fa
SSDEEP: 6144:K1y+bnr+dp0yN90QEb5F5OYc1u31g4TByZ/w7QK1N4ydVLDT:jMrhy90Txc1u31TTEZw7rFL
Static task: static1
Behavioral task: behavioral1
Sample: 5c07ea21ef1f3ef273137ed884ae80c0_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
Family: redline
Botnet: mufos
C2: 217.196.96.102:4132
auth_value: 136f202e6569ad5815c34377858a255c
Targets
Detects Healer, an antivirus disabler dropper
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
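An IOC sweep built from this report's extracted config and signatures, added here as an example (it is not part of the sandbox output). The hashes, C2 endpoint, botnet name and signature wording are the report's; the Sysmon-style event lines are constructed input, the event format is a simplified one of my own, and the ATT&CK IDs (T1547.001 for Registry Run Keys, T1543.003 for Windows Service) are my mapping of the techniques the report lists.

```python
"""IOC sweep assembled from the sandbox report above (added example).

Indicators come from the report; the log lines are CONSTRUCTED, simplified
Sysmon-style events of the form 'EventID|Kind|key=value|key=value'.
"""
import hashlib
import re
from dataclasses import dataclass

# Hashes and extracted RedLine config copied from the report.
REPORT_HASHES = {
    "md5": "5c07ea21ef1f3ef273137ed884ae80c0",
    "sha1": "dd3e6f15c033949fbacd0eb5717fa5b9f1867515",
    "sha256": "6bc897b2628233ed80a62fd1df052f4e8d65dd70c9d40aada7a17519d9293e6c",
}
REDLINE_C2 = ("217.196.96.102", 4132)
REDLINE_BOTNET = "mufos"

# Persistence locations behind the two ATT&CK techniques the report lists.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
SERVICE_RE = re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)

# Constructed events (not captured telemetry); 203.0.113.10 is a documentation address.
SAMPLE_EVENTS = [
    "1|ProcessCreate|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\5c07ea21ef1f3ef273137ed884ae80c0_NeikiAnalytics.exe"
    "|Hashes=SHA256=6BC897B2628233ED80A62FD1DF052F4E8D65DD70C9D40AADA7A17519D9293E6C",
    "3|NetworkConnect|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\5c07ea21ef1f3ef273137ed884ae80c0_NeikiAnalytics.exe"
    "|DestinationIp=217.196.96.102|DestinationPort=4132",
    "13|RegistryValueSet|TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"
    "|Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe",
    "13|RegistryValueSet|TargetObject=HKLM\\SYSTEM\\CurrentControlSet\\Services\\svchelper\\ImagePath"
    "|Details=C:\\ProgramData\\svchelper.exe",
    "3|NetworkConnect|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "|DestinationIp=203.0.113.10|DestinationPort=443",
]


@dataclass(frozen=True)
class Hit:
    signature: str  # wording taken from the report's signature list
    tag: str        # ATT&CK ID (my mapping) or the config field that matched
    evidence: str


def parse_event(line: str):
    """Split 'EventID|Kind|k=v|k=v' into (event_id, kind, fields)."""
    event_id, kind, *pairs = line.split("|")
    fields = dict(pair.split("=", 1) for pair in pairs)
    return event_id, kind, fields


def sweep(lines):
    """Return a Hit for every event that matches one of the report's indicators."""
    hits = []
    for line in lines:
        _, kind, f = parse_event(line)
        if kind == "ProcessCreate":
            # Sysmon reports hashes upper-case; the report lists them lower-case.
            hashes = f.get("Hashes", "").lower()
            if any(h in hashes for h in REPORT_HASHES.values()):
                hits.append(Hit("RedLine payload", "sample hash", f.get("Image", "")))
        elif kind == "NetworkConnect":
            dest = (f.get("DestinationIp"), int(f.get("DestinationPort", 0)))
            if dest == REDLINE_C2:
                hits.append(Hit(f"RedLine C2 (botnet {REDLINE_BOTNET})",
                                "extracted config C2", f"{dest[0]}:{dest[1]}"))
        elif kind == "RegistryValueSet":
            target = f.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                hits.append(Hit("Adds Run key to start application", "T1547.001", target))
            elif SERVICE_RE.search(target):
                hits.append(Hit("Windows Service", "T1543.003", target))
    return hits


def file_hash_match(data: bytes) -> dict:
    """Compare a file's digests with the report's; every value is False unless
    the bytes are the sample itself."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name: digests[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


if __name__ == "__main__":
    for hit in sweep(SAMPLE_EVENTS):
        print(f"[{hit.tag}] {hit.signature}: {hit.evidence}")
    print(file_hash_match(b"not the sample"))
```

The sweep reproduces the report's three behavioural findings (payload execution, the C2 connection from the extracted config, and the Run-key persistence) and the service-creation technique from the ATT&CK table; the benign browser connection is left alone. Swap SAMPLE_EVENTS for real Sysmon exports once the field names are adjusted to the exporter's format.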