Overview

overview

10

Static

static

10

0a1e1d868d...cs.exe

windows7-x64

1

0a1e1d868d...cs.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a1e1d868dfefc1a6f52fb843d0c5a60_NeikiAnalytics.exe

  • Size

    168KB

  • Sample

    240525-xb4a3sdh6v

  • MD5

    0a1e1d868dfefc1a6f52fb843d0c5a60

  • SHA1

    1a69f5b9c0168a62758474c6b5c46933181af42a

  • SHA256

    8416cfd085b7ef5a5a3708e7aba52b6f4acd5d0f432c62338c80bd07f78c18c8

  • SHA512

    871d22f5899ce6c8e62c3b8539c9de2bfdb5aae1680c3baf6405df1b6d7475115e97b390a76caa0b82e459638518912958d5814539c4fefff8ef1c70ff430b30

  • SSDEEP

    1536:He9KqhVZCGWDv7zPB/8Wc9agcwV3tTGqVE1WbuXMOJsy4C9u184wYkM8e8hj:HwijR8WcTBkqVE8pOJn4C9u158e8hj

Score
10/10
redlinegrommicrosoftphishing

Malware Config

Extracted

Family

redline

Botnet

grom

C2

83.97.73.127:19045

Attributes
  • auth_value

    2193aac8692a5e1ec66d9db9fa25ee00

Targets

    • Target

      0a1e1d868dfefc1a6f52fb843d0c5a60_NeikiAnalytics.exe

    • Size

      168KB

    • MD5

      0a1e1d868dfefc1a6f52fb843d0c5a60

    • SHA1

      1a69f5b9c0168a62758474c6b5c46933181af42a

    • SHA256

      8416cfd085b7ef5a5a3708e7aba52b6f4acd5d0f432c62338c80bd07f78c18c8

    • SHA512

      871d22f5899ce6c8e62c3b8539c9de2bfdb5aae1680c3baf6405df1b6d7475115e97b390a76caa0b82e459638518912958d5814539c4fefff8ef1c70ff430b30

    • SSDEEP

      1536:He9KqhVZCGWDv7zPB/8Wc9agcwV3tTGqVE1WbuXMOJsy4C9u184wYkM8e8hj:HwijR8WcTBkqVE8pOJn4C9u158e8hj

    Score
    5/10
    microsoftphishing
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks