Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e6c91199dccbf70fcb1ac3e47cc67ee0_NeikiAnalytics
-
Size
1.1MB
-
Sample
240516-vy7kxafd51
-
MD5
e6c91199dccbf70fcb1ac3e47cc67ee0
-
SHA1
da5e14743674dfe3cc8deff2fd4343281980c3d9
-
SHA256
4499a634936f69123cefe21b737da04378dfa55704a050401674eb0cff8a0878
-
SHA512
1c64a6bec6f6dfde11b10b39f37eede2af11e967aef4ed525e9544374211b7db47e67d16727ca27f23de69ad4ea3acc991fbd9a48cf3d199f5ed92b2c533740a
-
SSDEEP
24576:pyKjRVpBRnS57d+Quoyz/MtuNu9glW8BC5sm9Buga7z2y+:cKHpBRnShdl079NzlW8MC8uzD
Static task
static1
Behavioral task
behavioral1
Sample
e6c91199dccbf70fcb1ac3e47cc67ee0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
redline
motor
185.161.248.75:4132
-
auth_value
ec19ab9989a783983c5cbbc0e5ac4a5f
Targets
-
-
Target
e6c91199dccbf70fcb1ac3e47cc67ee0_NeikiAnalytics
-
Size
1.1MB
-
MD5
e6c91199dccbf70fcb1ac3e47cc67ee0
-
SHA1
da5e14743674dfe3cc8deff2fd4343281980c3d9
-
SHA256
4499a634936f69123cefe21b737da04378dfa55704a050401674eb0cff8a0878
-
SHA512
1c64a6bec6f6dfde11b10b39f37eede2af11e967aef4ed525e9544374211b7db47e67d16727ca27f23de69ad4ea3acc991fbd9a48cf3d199f5ed92b2c533740a
-
SSDEEP
24576:pyKjRVpBRnS57d+Quoyz/MtuNu9glW8BC5sm9Buga7z2y+:cKHpBRnShdl079NzlW8MC8uzD
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1