General
- Target: d78a91465d43fdc35c588f2803fdd280_NeikiAnalytics.exe
- Size: 306KB
- Sample: 240519-rvjg5abh21
- MD5: d78a91465d43fdc35c588f2803fdd280
- SHA1: 5d071d7e7ba6f67822714618b468d5fe2a78935d
- SHA256: b82077405e2ffbdde98ba345c1a4afe79ef79e5286320b3e0090e2af2cb8fbec
- SHA512: 3f8c436a6bbb26b7cc34fe2c66b3fd23e1a33b6816eaba6f0e79e7f0bdbf300298c0ebce8ea8f8628b4806b61e5d58c141d43927dc0518835f11162912629372
- SSDEEP: 6144:KUy+bnr+J8p0yN90QE+7QUMrIPQDQty0qJJhodvYrDxsDtPY6Y:0MrGy90IEU1P8QW3h2YrDstW
Static task: static1
Behavioral task: behavioral1
- Sample: d78a91465d43fdc35c588f2803fdd280_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
- Family: redline
- Botnet: motor
- C2: 185.161.248.75:4132
- auth_value: ec19ab9989a783983c5cbbc0e5ac4a5f
Targets
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)