General

Target: 14cd493a12d574d93b87302e3f76517b5e05ebca0c7572595f5256305d2fc6c3_NeikiAnalytics.exe
Size: 601KB
Sample: 240625-addrwasgjm
MD5: 6d38f338629193941abbfd53130d01e0
SHA1: 159a6d5f7b3282b8ed967b9bf9aa28402d5f75e5
SHA256: 14cd493a12d574d93b87302e3f76517b5e05ebca0c7572595f5256305d2fc6c3
SHA512: bc184be3a3ffbd5b2c9dc2b1c54037db794235ecdba89964fcf9b3b7fbd981fb7f2cc343488daa5df369b271263139cdd6be0f12ebbd7f5fa00114d07aeb7efe
SSDEEP: 12288:HL+hE3tgGE7hbEjQch3aYoEx9aWstr08SaPN+HZGokR:kGahgrYpEXmr0YN+HZS
Static task: static1
Behavioral task: behavioral1
Sample: 14cd493a12d574d93b87302e3f76517b5e05ebca0c7572595f5256305d2fc6c3_NeikiAnalytics.exe
Resource: win7-20240508-en
Malware Config

Extracted
Family: redline
Botnet: cheat
C2: 185.222.58.91:55615
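The extracted configuration above (family, botnet name and C2 endpoint, in the order the report prints them) is the most directly actionable part of the page. As an added example that is not part of the report or of any sandbox tooling, the following Python turns that block into a structured indicator, matches it against a constructed outbound-connection log, and renders it as a Suricata rule. The log format ("time pid image -> dst:port"), the process names and the timestamps are assumptions for illustration; only the 185.222.58.91:55615 endpoint comes from the report.

```python
import re
from dataclasses import dataclass

# Constructed copy of the report's "Extracted" block, in the order the report
# prints it: family, botnet name, C2 endpoint.
EXTRACTED_CONFIG = """
redline
cheat
185.222.58.91:55615
"""

@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str
    c2_host: str
    c2_port: int

def parse_extracted_config(text: str) -> RedLineConfig:
    """Turn the three non-empty config lines into a structured IOC record."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) != 3:
        raise ValueError(f"expected 3 config lines, got {len(lines)}")
    family, botnet, c2 = lines
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit() or not re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        raise ValueError(f"unexpected C2 endpoint: {c2!r}")
    return RedLineConfig(family, botnet, host, int(port))

# Constructed outbound-connection log in an assumed "time pid image -> dst:port"
# format. Only the 185.222.58.91 destination is an indicator from the report.
SAMPLE_CONN_LOG = """
2024-06-25T10:01:02Z 1588 NeikiAnalytics.exe -> 185.222.58.91:55615
2024-06-25T10:01:03Z 1588 NeikiAnalytics.exe -> 8.8.8.8:53
2024-06-25T10:01:05Z 2204 svchost.exe -> 185.222.58.91:443
"""

CONN_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+(\S+)\s+->\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")

def find_c2_connections(cfg: RedLineConfig, log_text: str):
    """Return (pid, image, dst, port, exact) for every connection to the C2 host.

    exact is True when the port matches too. A same-host, different-port hit is
    still reported: operators rotate ports while keeping the server."""
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue
        _, pid, image, dst, port = m.groups()
        if dst == cfg.c2_host:
            hits.append((int(pid), image, dst, int(port), int(port) == cfg.c2_port))
    return hits

def suricata_rule(cfg: RedLineConfig, sid: int) -> str:
    """Render the C2 endpoint as an outbound Suricata/Snort alert rule."""
    return (f"alert tcp $HOME_NET any -> {cfg.c2_host} {cfg.c2_port} "
            f'(msg:"{cfg.family} stealer C2 traffic (botnet {cfg.botnet})"; '
            f"flow:to_server,established; sid:{sid}; rev:1;)")

if __name__ == "__main__":
    cfg = parse_extracted_config(EXTRACTED_CONFIG)
    for hit in find_c2_connections(cfg, SAMPLE_CONN_LOG):
        print("C2 hit:", hit)
    print(suricata_rule(cfg, 9000001))
```

The host-only match is deliberate: a RedLine C2 address usually outlives any one port, so alerting on the host and recording whether the port matched keeps the indicator useful after the operator changes the listener.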
Targets

Target: 14cd493a12d574d93b87302e3f76517b5e05ebca0c7572595f5256305d2fc6c3_NeikiAnalytics.exe (601KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.

RedLine payload

SectopRAT payload
(The extracted configuration above identifies the family as RedLine; the SectopRAT payload detection fires on the same sample.)

Command and Scripting Interpreter: PowerShell
Runs PowerShell to add Windows Defender exclusions for file extensions, paths and processes (the Add-MpPreference / Set-MpPreference cmdlets with their -Exclusion* parameters), so the dropped files and the running stealer are not scanned.

Checks computer location settings
Reads the country code configured in the registry (Control Panel\International\Geo), most likely a geofence so the stealer does not run in certain countries.

Accesses cryptocurrency files/wallets, possible credential harvesting
Reads files belonging to cryptocurrency wallet applications, consistent with the stealer's wallet and credential theft.

Checks installed software on the system
Enumerates entries under the registry's CurrentVersion\Uninstall key to list the software installed on the system.

Suspicious use of SetThreadContext
SetThreadContext on a thread in another process is typical of process hollowing and similar injection, so the stealer payload most likely runs inside a different process than the sampled executable.
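The behavioural signatures above are the kind of thing a detection engineer reproduces locally to triage similar samples. As an added example, not the sandbox's own signature code and not part of the report, the following Python evaluates those five signatures over constructed sandbox-style event lines. The event format ("kind|pid|detail"), the wallet directory names, the child image path and the pids are assumptions for illustration; the registry paths are the standard Windows locations (Geo\Nation for the configured country, CurrentVersion\Uninstall for installed software) and the Defender cmdlets are Add-MpPreference / Set-MpPreference. It also correlates a suspended CreateProcess with the later SetThreadContext, which is the process-hollowing order the last signature hints at.

```python
import re
from collections import defaultdict

# Constructed sandbox-style event lines, "kind|pid|detail"; the format, the
# wallet paths and the RegAsm.exe child are assumptions for illustration.
# pid 1588 stands in for the sampled executable, pid 2204 is benign noise.
SAMPLE_EVENTS = r"""
proc|1588|powershell.exe -NoProfile -Command Add-MpPreference -ExclusionPath "C:\Users\Public" -ExclusionProcess "NeikiAnalytics.exe" -ExclusionExtension ".exe"
reg|1588|HKCU\Control Panel\International\Geo\Nation
reg|1588|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
reg|1588|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
file|1588|C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco
file|1588|C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet
api|1588|CreateProcessW flags=CREATE_SUSPENDED image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
api|1588|SetThreadContext target_pid=2480
proc|2204|powershell.exe -Command Get-Date
"""

# (signature name as in the report, event kind, pattern, distinct hits required)
SIGNATURES = [
    ("Command and Scripting Interpreter: PowerShell", "proc",
     re.compile(r"powershell(?:\.exe)?\b.*\b(?:Add|Set)-MpPreference\b.*-Exclusion(?:Path|Process|Extension)\b", re.I), 1),
    ("Checks computer location settings", "reg",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I), 1),
    # Plenty of benign installers read Uninstall; require two distinct entries.
    ("Checks installed software on the system", "reg",
     re.compile(r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I), 2),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", "file",
     re.compile(r"\\(?:Exodus|Electrum|Armory|Ethereum|Atomic)\\|wallet\.dat$", re.I), 1),
    ("Suspicious use of SetThreadContext", "api",
     re.compile(r"^SetThreadContext\b"), 1),
]

def parse_events(text):
    """Yield (kind, pid, detail) tuples; detail may itself contain spaces."""
    for line in text.splitlines():
        if line.strip():
            kind, pid, detail = line.split("|", 2)
            yield kind, int(pid), detail

def evaluate(text):
    """Map each pid to the set of signature names whose threshold it reached."""
    seen = defaultdict(lambda: defaultdict(set))   # pid -> name -> distinct details
    for kind, pid, detail in parse_events(text):
        for name, sig_kind, pattern, _ in SIGNATURES:
            if kind == sig_kind and pattern.search(detail):
                seen[pid][name].add(detail)
    result = {}
    for pid, per_sig in seen.items():
        fired = {name for name, _, _, need in SIGNATURES if len(per_sig[name]) >= need}
        if fired:
            result[pid] = fired
    return result

def hollowing_pids(text):
    """Pids that created a suspended child and then called SetThreadContext:
    the classic process-hollowing order, a stronger signal than either call alone."""
    suspended, out = set(), set()
    for kind, pid, detail in parse_events(text):
        if kind != "api":
            continue
        if detail.startswith("CreateProcess") and "CREATE_SUSPENDED" in detail:
            suspended.add(pid)
        elif detail.startswith("SetThreadContext") and pid in suspended:
            out.add(pid)
    return out

if __name__ == "__main__":
    for pid, names in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(pid, sorted(names))
    print("hollowing candidates:", hollowing_pids(SAMPLE_EVENTS))
```

The per-signature threshold is the practical knob: a single Uninstall read is routine, so it does not fire on its own, whereas one Add-MpPreference with an -Exclusion* parameter or one read of Geo\Nation is unusual enough to report immediately.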