General
Target: 397d054bfb512d8d06d17a46b4eccc30_NeikiAnalytics.exe
Size: 430KB
Sample: 240607-re128shd3x
MD5: 397d054bfb512d8d06d17a46b4eccc30
SHA1: 25904ea7f10a0e12ab1b1338aa58eee280cc4439
SHA256: 00a32ad04a07bb78eb4976e80cf8b9f8e568719dc80a6ae1db7e6dac75f8d176
SHA512: de396b59144b1e222fc8c08c73c56e683fc33cc113f5c7240bb685cd8be376c544d845b0a9b604f872b83db0d31c2ae5aaf212cb372882ad44dd298e237be8ff
SSDEEP: 6144:KZy+bnr+mp0yN90QEaO5Bj1ePCkRlkqqnyt3ZkMjc20Ti3y2W1g5UwVMiKd4LrIQ:TMryy90UOrcb4yFyMjn0TXTd2IR3+hZ
Static task: static1
Behavioral task: behavioral1
Sample: 397d054bfb512d8d06d17a46b4eccc30_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
Malware Config (extracted)
Family: redline
Botnet: hares
C2: 83.97.73.128:19071
auth_value: 62fed2fd42b168e956200885cefb36a7
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)