General

  • Target

    d96da6b249900de66bdb82bb6219b7b0_NeikiAnalytics.exe

  • Size

    904KB

  • Sample

    240519-r2fd2sca7v

  • MD5

    d96da6b249900de66bdb82bb6219b7b0

  • SHA1

    8babfbe8640ee8baac11a503cae84b42f5882260

  • SHA256

    b801af6d2d7ac10b1ba2fbe3f54b34ad257f67aa8fe1fecee5ddc809e7906be1

  • SHA512

    0d6d43bb112af685f4f46f7bfde88de577f37d8f77def299a463501672c15cf760d96e1e807f91dd6672cee7d8f1bb508c73fa4790d65074831d6f16138b8812

  • SSDEEP

    12288:+EzqAIE3kNuyBCucLZWPq1cZLjxf0qv71FUG61Dgx230gx6tvuLqpxS4aEr7SLTU:NzqhE3kNrkUamdfRtf3

Malware Config

Extracted

  • Family

    redline

  • Botnet

    terra

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value: 60df3f535f8aa4e264f78041983592d2

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks