Overview

overview

10

Static

static

10

0135b16bf4...cs.exe

windows7-x64

10

0135b16bf4...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2024 20:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0135b16bf460afca41848cff18050f90_NeikiAnalytics.exe

  • Size

    172KB

  • MD5

    0135b16bf460afca41848cff18050f90

  • SHA1

    0c042cb2f387f622e45971a74d872a5792549943

  • SHA256

    46f1d7f36eca0ff91a9b5c8a403161a7fe1b307fa7df6facb8594306363f48d7

  • SHA512

    883bf855bbf5616d059ef11346c85d6d30388db8912e7e83ed10190e8d92b0c1d9c7ff9f05fecc60a0f33609db357bb3710be1ccc7e694fe7df68b03cc2ae48e

  • SSDEEP

    3072:b47FCYO0NJQ5S0xNcIA7qVJeNGT8e8hy:bvd0AEnCVJeNGT

Score
10/10
redlinedrakeinfostealer

Malware Config

Extracted

Family

redline

Botnet

drake

C2

83.97.73.131:19071

Attributes
  • auth_value

    74ce6ffe4025a2e4027fb727915e7d7c

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0135b16bf460afca41848cff18050f90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0135b16bf460afca41848cff18050f90_NeikiAnalytics.exe"
    1⤵
      PID:1832
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4212,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4016 /prefetch:8
      1⤵
        PID:3216

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1832-0-0x000000007446E000-0x000000007446F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1832-1-0x0000000000EE0000-0x0000000000F10000-memory.dmp

        Filesize

        192KB

        Download

      • memory/1832-2-0x0000000003360000-0x0000000003366000-memory.dmp

        Filesize

        24KB

        Download

      • memory/1832-3-0x0000000005F40000-0x0000000006558000-memory.dmp

        Filesize

        6.1MB

        Download

      • memory/1832-4-0x0000000005A30000-0x0000000005B3A000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/1832-5-0x0000000005960000-0x0000000005972000-memory.dmp

        Filesize

        72KB

        Download

      • memory/1832-6-0x0000000074460000-0x0000000074C10000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/1832-7-0x00000000059C0000-0x00000000059FC000-memory.dmp

        Filesize

        240KB

        Download

      • memory/1832-8-0x0000000005B40000-0x0000000005B8C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/1832-9-0x000000007446E000-0x000000007446F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1832-10-0x0000000074460000-0x0000000074C10000-memory.dmp

        Filesize

        7.7MB

        Download