General
-
Target
577dd0e8d52d81ca6648cc2d648f6c3ee6ea6b996d1e3f4c399beee1421d4e18_NeikiAnalytics
-
Size
287KB
-
Sample
240521-qxlvlafg84
-
MD5
ccc3f2902ba8c50b9df3e68074bea6e0
-
SHA1
472debca46d5142a06ef51923aa62fb0646eeeae
-
SHA256
577dd0e8d52d81ca6648cc2d648f6c3ee6ea6b996d1e3f4c399beee1421d4e18
-
SHA512
571a9384d85dd4a2fe4687128c69f34ec2a025337be7256a452fdebc66c0af40d4cd8ead831ba57507761326ed8d9f873697277a1752b2c1c8b3060e1b731db4
-
SSDEEP
6144:oUkqu0JvwY4SD43orGgWfa+syUkPtCOZebsA82hABLsi:oHYJIY4SW8mfaet3ebsABh4
Static task
static1
Behavioral task
behavioral1
Sample
577dd0e8d52d81ca6648cc2d648f6c3ee6ea6b996d1e3f4c399beee1421d4e18_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
577dd0e8d52d81ca6648cc2d648f6c3ee6ea6b996d1e3f4c399beee1421d4e18_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
redline
5195552529
https://pastebin.com/raw/NgsUAPya
Targets
-
-
Target
577dd0e8d52d81ca6648cc2d648f6c3ee6ea6b996d1e3f4c399beee1421d4e18_NeikiAnalytics
-
Size
287KB
-
MD5
ccc3f2902ba8c50b9df3e68074bea6e0
-
SHA1
472debca46d5142a06ef51923aa62fb0646eeeae
-
SHA256
577dd0e8d52d81ca6648cc2d648f6c3ee6ea6b996d1e3f4c399beee1421d4e18
-
SHA512
571a9384d85dd4a2fe4687128c69f34ec2a025337be7256a452fdebc66c0af40d4cd8ead831ba57507761326ed8d9f873697277a1752b2c1c8b3060e1b731db4
-
SSDEEP
6144:oUkqu0JvwY4SD43orGgWfa+syUkPtCOZebsA82hABLsi:oHYJIY4SW8mfaet3ebsABh4
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-