General

  • Target

    d78a91465d43fdc35c588f2803fdd280_NeikiAnalytics.exe

  • Size

    306KB

  • Sample

    240519-rvjg5abh21

  • MD5

    d78a91465d43fdc35c588f2803fdd280

  • SHA1

    5d071d7e7ba6f67822714618b468d5fe2a78935d

  • SHA256

    b82077405e2ffbdde98ba345c1a4afe79ef79e5286320b3e0090e2af2cb8fbec

  • SHA512

    3f8c436a6bbb26b7cc34fe2c66b3fd23e1a33b6816eaba6f0e79e7f0bdbf300298c0ebce8ea8f8628b4806b61e5d58c141d43927dc0518835f11162912629372

  • SSDEEP

    6144:KUy+bnr+J8p0yN90QE+7QUMrIPQDQty0qJJhodvYrDxsDtPY6Y:0MrGy90IEU1P8QW3h2YrDstW

Malware Config

Extracted

  • Family

    redline

  • Botnet

    motor

  • C2

    185.161.248.75:4132

  • Attributes

      • auth_value

        ec19ab9989a783983c5cbbc0e5ac4a5f

Targets

    • Target

      d78a91465d43fdc35c588f2803fdd280_NeikiAnalytics.exe

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks