General

  • Target

    577dd0e8d52d81ca6648cc2d648f6c3ee6ea6b996d1e3f4c399beee1421d4e18_NeikiAnalytics

  • Size

    287KB

  • Sample

    240521-qxlvlafg84

  • MD5

    ccc3f2902ba8c50b9df3e68074bea6e0

  • SHA1

    472debca46d5142a06ef51923aa62fb0646eeeae

  • SHA256

    577dd0e8d52d81ca6648cc2d648f6c3ee6ea6b996d1e3f4c399beee1421d4e18

  • SHA512

    571a9384d85dd4a2fe4687128c69f34ec2a025337be7256a452fdebc66c0af40d4cd8ead831ba57507761326ed8d9f873697277a1752b2c1c8b3060e1b731db4

  • SSDEEP

    6144:oUkqu0JvwY4SD43orGgWfa+syUkPtCOZebsA82hABLsi:oHYJIY4SW8mfaet3ebsABh4

Malware Config

Extracted

  • Family

    redline

  • Botnet

    5195552529

  • C2

    https://pastebin.com/raw/NgsUAPya

Targets

    • Target

      577dd0e8d52d81ca6648cc2d648f6c3ee6ea6b996d1e3f4c399beee1421d4e18_NeikiAnalytics

    • Size

      287KB

    • MD5

      ccc3f2902ba8c50b9df3e68074bea6e0

    • SHA1

      472debca46d5142a06ef51923aa62fb0646eeeae

    • SHA256

      577dd0e8d52d81ca6648cc2d648f6c3ee6ea6b996d1e3f4c399beee1421d4e18

    • SHA512

      571a9384d85dd4a2fe4687128c69f34ec2a025337be7256a452fdebc66c0af40d4cd8ead831ba57507761326ed8d9f873697277a1752b2c1c8b3060e1b731db4

    • SSDEEP

      6144:oUkqu0JvwY4SD43orGgWfa+syUkPtCOZebsA82hABLsi:oHYJIY4SW8mfaet3ebsABh4

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks