General
-
Target
057cdca456ab6f349e7a0c5d266607f865a2925c1fcc221a965f62783fd100a4_NeikiAnalytics.exe
-
Size
795KB
-
Sample
240626-t5qqasshpb
-
MD5
3ff70660ba6803338c83249ef161cc10
-
SHA1
56fba5e6baabe26aa8193089637f0f6c3d51398c
-
SHA256
057cdca456ab6f349e7a0c5d266607f865a2925c1fcc221a965f62783fd100a4
-
SHA512
44c406fce4f20dc099986a03d36124f85b054aa39c45a87d1cf22d3679e2e31f0a420803b8dd9a11a270b71351615f151ad59b0078b48eb43bb37f53e916d448
-
SSDEEP
12288:bCf0rGLDrU1qBBuE+juhnS6/fRRC1EfUcKoLBnym1gjECDETjIm52k6Ek/r:bCdL4E+j8SmRRUEfVLByVECD8jf6T
Static task
static1
Behavioral task
behavioral1
Sample
057cdca456ab6f349e7a0c5d266607f865a2925c1fcc221a965f62783fd100a4_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Extracted
redline
cheat
185.222.58.70:55615
Targets
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-