General

  • Target

    c73beae6293b678aa56151711c305b70_NeikiAnalytics.exe

  • Size

    753KB

  • Sample

    240519-qhw21sac9s

  • MD5

    c73beae6293b678aa56151711c305b70

  • SHA1

    b8fa8a4926ae4057ff977511633f3e894706d7da

  • SHA256

    97c70d1d24f2729a4381dc6e5ab2708f831dccc13c3a06c9ea2bec12d76ccadc

  • SHA512

    4a61f95060899a7205f447263b38a21bd22e7bc91d88f054b5b7da74db6d40d0fb1942872a71b4a0c8bb1321541da074a6f1076899d5a1675553ddffc0f56571

  • SSDEEP

    12288:jMrZy90ikwlWvJSeo+P0T6Q3h2LaDaSO7ytJF+AgLk1eDsrap7JHjYrqDN:uydkw8SeIoCaSO7ytJF2h7J8uZ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    motor

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value: ec19ab9989a783983c5cbbc0e5ac4a5f

Targets

    • Target

      c73beae6293b678aa56151711c305b70_NeikiAnalytics.exe

    • Size

      753KB

    • MD5

      c73beae6293b678aa56151711c305b70

    • SHA1

      b8fa8a4926ae4057ff977511633f3e894706d7da

    • SHA256

      97c70d1d24f2729a4381dc6e5ab2708f831dccc13c3a06c9ea2bec12d76ccadc

    • SHA512

      4a61f95060899a7205f447263b38a21bd22e7bc91d88f054b5b7da74db6d40d0fb1942872a71b4a0c8bb1321541da074a6f1076899d5a1675553ddffc0f56571

    • SSDEEP

      12288:jMrZy90ikwlWvJSeo+P0T6Q3h2LaDaSO7ytJF+AgLk1eDsrap7JHjYrqDN:uydkw8SeIoCaSO7ytJF2h7J8uZ

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks