General
-
Target
49a50984850c9f0ddb7e50596fa38c97f86915635a2d83c9c1f53e5e72ba9701_NeikiAnalytics.exe
-
Size
433KB
-
Sample
240626-emc9xstfja
-
MD5
6ceecba79d0895eb3d914391ca2cc2c0
-
SHA1
c2a2387735af8ec9e73178f5294387e14771ab6f
-
SHA256
49a50984850c9f0ddb7e50596fa38c97f86915635a2d83c9c1f53e5e72ba9701
-
SHA512
aec66aa9227e074578a53b936f9b532a8748bfa05e8bfdff89a90ccdf1441432c6abb16a8b69b631d1685f88174dfe7b83327bfe25e875b78bd8fc14acc1f345
-
SSDEEP
12288:jMr8y90e4boilTG1au4t+h5jAXqrrc7v1:TyT+oSG5jA9Z
Static task
static1
Behavioral task
behavioral1
Sample
49a50984850c9f0ddb7e50596fa38c97f86915635a2d83c9c1f53e5e72ba9701_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
amadey
3.87
59b440
http://77.91.68.18
-
install_dir
b40d11255d
-
install_file
saves.exe
-
strings_key
fa622dfc42544927a6471829ee1fa9fe
-
url_paths
/nice/index.php
Extracted
redline
mrak
77.91.124.82:19071
-
auth_value
7d9a335ab5dfd42d374867c96fe25302
Targets
-
-
Target
49a50984850c9f0ddb7e50596fa38c97f86915635a2d83c9c1f53e5e72ba9701_NeikiAnalytics.exe
-
Size
433KB
-
MD5
6ceecba79d0895eb3d914391ca2cc2c0
-
SHA1
c2a2387735af8ec9e73178f5294387e14771ab6f
-
SHA256
49a50984850c9f0ddb7e50596fa38c97f86915635a2d83c9c1f53e5e72ba9701
-
SHA512
aec66aa9227e074578a53b936f9b532a8748bfa05e8bfdff89a90ccdf1441432c6abb16a8b69b631d1685f88174dfe7b83327bfe25e875b78bd8fc14acc1f345
-
SSDEEP
12288:jMr8y90e4boilTG1au4t+h5jAXqrrc7v1:TyT+oSG5jA9Z
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1