General
- Target: 704fdc0ee3f347dd91cf693373edd300_NeikiAnalytics.exe
- Size: 784KB
- Sample: 240617-k3eqksxgkn
- MD5: 704fdc0ee3f347dd91cf693373edd300
- SHA1: 2ad25f68b150629e2e2332393daa831da8fb0efb
- SHA256: c1185c1061fcf0fbcdc583bb15420fb5891b5d0eee117ceb6b3154b1c3725a24
- SHA512: 72db5d9747910e597975df39ba2ae48f5edd9a23b2230f4f440024ad89c6c91543be5cd3babf14413738e335493459b62835d447761cd2c3f06a4ebbd3b127c4
- SSDEEP: 24576:aJr8tE+sQJRRsOXJtZaIi6N6ccdXVPP2l2:aJ4LPhTZLMZPH
Static task: static1
Behavioral task: behavioral1
- Sample: 704fdc0ee3f347dd91cf693373edd300_NeikiAnalytics.exe
- Resource: win7-20240508-en
Malware Config
Extracted
- Family: redline
- Botnet: cheat
- C2: 45.137.22.68:55615
Targets
- Target: 704fdc0ee3f347dd91cf693373edd300_NeikiAnalytics.exe
- Size: 784KB
- MD5: 704fdc0ee3f347dd91cf693373edd300
- SHA1: 2ad25f68b150629e2e2332393daa831da8fb0efb
- SHA256: c1185c1061fcf0fbcdc583bb15420fb5891b5d0eee117ceb6b3154b1c3725a24
- SHA512: 72db5d9747910e597975df39ba2ae48f5edd9a23b2230f4f440024ad89c6c91543be5cd3babf14413738e335493459b62835d447761cd2c3f06a4ebbd3b127c4
- SSDEEP: 24576:aJr8tE+sQJRRsOXJtZaIi6N6ccdXVPP2l2:aJ4LPhTZLMZPH
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext