Behavioral task
behavioral1
Sample
051571fe6a02149a3a3aa2bab6703c00_NeikiAnalytics.exe
Resource
win7-20240221-en
General
-
Target
051571fe6a02149a3a3aa2bab6703c00_NeikiAnalytics.exe
-
Size
172KB
-
MD5
051571fe6a02149a3a3aa2bab6703c00
-
SHA1
f082351d92d3d8fd224634afd908ed4d107013ff
-
SHA256
d8ef5ae19d759524d9e72a70de36e41c64e3ad465f94c6d39c7e2645c3363bd1
-
SHA512
d1c43f90e9139ae9fef290fafac11e5b19b51e463ee422ee48bd54b2e5f4ce41068af77cd3d30bb05a016d2925b8dd1cf10fa25e59dca12c727ee786bfb2e03f
-
SSDEEP
3072:RqaJm74qpXtmOnJjBawT253uaxfKfVvXgDOL3DzpPL0F0JCb3O3Cb3hHSHUEcC8p:psfdPnth
Malware Config
Extracted
redline
82.115.223.46:57672
-
auth_value
25566e143199c0836b0e51542c425f6e
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 051571fe6a02149a3a3aa2bab6703c00_NeikiAnalytics.exe
Files
-
051571fe6a02149a3a3aa2bab6703c00_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ