General
-
Target
13d3d449571b1e91461c47906718b6e0_NeikiAnalytics.exe
-
Size
679KB
-
Sample
240519-w1gmyabe3t
-
MD5
13d3d449571b1e91461c47906718b6e0
-
SHA1
53745fe45c1fbd80fec88d00cc11286ad06fd108
-
SHA256
b66a5fd24a0e77f6772324d98bc7778c5e44751382f2b4c98db10690232c606b
-
SHA512
7c148187762f3e634d179690f18d71895ac743037a6b4327be48e3def7a26e001c0ea51c10c07ba35b14b56b3b7923630bcc2b1925928e21ebcb08a6409016b6
-
SSDEEP
12288:SSiG+EdrLbDZaNRpsMTBO1IwNgrCNchl0nJ8k6C2AaTC1H+1x/:nhLDZMRpRTGr8kJ96C
Malware Config
Extracted
redline
4
94.156.8.28:65012
Targets
-
-
Target
13d3d449571b1e91461c47906718b6e0_NeikiAnalytics.exe
-
Size
679KB
-
MD5
13d3d449571b1e91461c47906718b6e0
-
SHA1
53745fe45c1fbd80fec88d00cc11286ad06fd108
-
SHA256
b66a5fd24a0e77f6772324d98bc7778c5e44751382f2b4c98db10690232c606b
-
SHA512
7c148187762f3e634d179690f18d71895ac743037a6b4327be48e3def7a26e001c0ea51c10c07ba35b14b56b3b7923630bcc2b1925928e21ebcb08a6409016b6
-
SSDEEP
12288:SSiG+EdrLbDZaNRpsMTBO1IwNgrCNchl0nJ8k6C2AaTC1H+1x/:nhLDZMRpRTGr8kJ96C
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-