General

  • Target

    2cf3440b2d80262ff7e81b5e204dbd20_NeikiAnalytics.exe

  • Size

    549KB

  • Sample

    240516-zcv27sfc45

  • MD5

    2cf3440b2d80262ff7e81b5e204dbd20

  • SHA1

    d6356872e9a662519642cc082e006f8740acdf6b

  • SHA256

    0585e6076efbd458084570eedaa67d5aa4ab5d9e84dab51575700d81fc62b339

  • SHA512

    b4119ab90a205788b835899937ce4bd4582f635839ce2864d4adcfe684a1b372b94071c1f49469c9fdb0575719f4ab23a3bb4a959d23e9cc36b9353c780cd4b0

  • SSDEEP

    12288:6MrMy90IsGEEvxrgzFE9q68EslUpPdxzEKz41d0E50Uo:6yDsErf9N+lUbx0p50Uo

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.68.70:19073

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Targets

    • Target

      2cf3440b2d80262ff7e81b5e204dbd20_NeikiAnalytics.exe

    • Size

      549KB

    • MD5

      2cf3440b2d80262ff7e81b5e204dbd20

    • SHA1

      d6356872e9a662519642cc082e006f8740acdf6b

    • SHA256

      0585e6076efbd458084570eedaa67d5aa4ab5d9e84dab51575700d81fc62b339

    • SHA512

      b4119ab90a205788b835899937ce4bd4582f635839ce2864d4adcfe684a1b372b94071c1f49469c9fdb0575719f4ab23a3bb4a959d23e9cc36b9353c780cd4b0

    • SSDEEP

      12288:6MrMy90IsGEEvxrgzFE9q68EslUpPdxzEKz41d0E50Uo:6yDsErf9N+lUbx0p50Uo

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks