General
Target: 2270c0d549b1653768b307bd3f5b6c7dfab57217bda3fd99dbe2bb6534c0b719_NeikiAnalytics.exe
Size: 3.4MB
Sample: 240626-29v5kszcjg
MD5: 38fd3cd96757c7a389a95d62f6c873c0
SHA1: cbe2f0f7346556354f0373749cfda56af149477d
SHA256: 2270c0d549b1653768b307bd3f5b6c7dfab57217bda3fd99dbe2bb6534c0b719
SHA512: ecc1b0a0bf6634cae986af6d69c8b5819e53f8cc0e71d6c0bb66a215bd7d9566adbfdfa436c0c50d8ae37f1c5669fadca4faf029cabf5e76f54e2044ff85b773
SSDEEP: 49152:J+ZT1GLmfGZrF3jW/dFnR04jrWThYLruUxftcWhkLvOV5Tk7oWCg+MovIduIH:J01lfGZpcjR05yruUbKMFW8W
Static task: static1
Behavioral task: behavioral1
  Sample: 2270c0d549b1653768b307bd3f5b6c7dfab57217bda3fd99dbe2bb6534c0b719_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2270c0d549b1653768b307bd3f5b6c7dfab57217bda3fd99dbe2bb6534c0b719_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: redline
Botnet: Boobs
C2: 45.154.99.245:13799
Targets
Target: 2270c0d549b1653768b307bd3f5b6c7dfab57217bda3fd99dbe2bb6534c0b719_NeikiAnalytics.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext (the API that rewrites another thread's register set, including its instruction pointer; it is the mechanism behind process hollowing and thread hijacking, and the report flags the call without naming the target process)
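To turn the report's indicators into a check, the following is an added example (not part of the Triage report or its tooling) that matches the file hashes and the extracted C2 above against Sysmon-style process-creation and network-connection lines. The log lines are constructed for this example; the image paths in them are placeholders, not processes the report names.

```python
"""Match the IOCs from this report against constructed Sysmon-style log lines.

The hashes and the C2 endpoint are the values listed in the report above.
The log lines are constructed for this example (not real telemetry).
"""
import re

# File hashes of the analysed sample, as given in the report.
IOC_HASHES = {
    "md5": "38fd3cd96757c7a389a95d62f6c873c0",
    "sha1": "cbe2f0f7346556354f0373749cfda56af149477d",
    "sha256": "2270c0d549b1653768b307bd3f5b6c7dfab57217bda3fd99dbe2bb6534c0b719",
}

# Extracted RedLine C2 from the report (IP and port are both part of the IOC:
# RedLine ports are per-build, so the same host on another port is a weaker hit).
C2_IP, C2_PORT = "45.154.99.245", 13799

# Constructed sample lines in Sysmon key=value style (EventID 1 = process
# creation with Hashes field, EventID 3 = network connection).
SAMPLE_LOGS = [
    "EventID=1 Image=C:\\Users\\a\\Downloads\\invoice.exe "
    "Hashes=MD5=38FD3CD96757C7A389A95D62F6C873C0,"
    "SHA256=2270C0D549B1653768B307BD3F5B6C7DFAB57217BDA3FD99DBE2BB6534C0B719",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe "
    "DestinationIp=10.0.0.5 DestinationPort=443",
    "EventID=3 Image=C:\\Users\\a\\AppData\\Local\\Temp\\stage2.exe "
    "DestinationIp=45.154.99.245 DestinationPort=13799",
    "EventID=3 Image=C:\\Program Files\\Firefox\\firefox.exe "
    "DestinationIp=45.154.99.245 DestinationPort=80",
    "EventID=1 Image=C:\\Windows\\notepad.exe "
    "Hashes=MD5=d41d8cd98f00b204e9800998ecf8427e",
]

# Sysmon writes the Hashes field as ALGO=hex pairs separated by commas.
HASH_RE = re.compile(r"\b(MD5|SHA1|SHA256)=([0-9a-fA-F]+)")
NET_RE = re.compile(r"DestinationIp=(\S+)\s+DestinationPort=(\d+)")


def match_line(line: str) -> list[str]:
    """Return the IOC matches for one log line (empty list if none).

    Hash matches are case-insensitive. A network line yields "c2:ip+port"
    only when both the IP and the port agree with the extracted config;
    the IP alone is reported separately as the lower-confidence "c2:ip-only".
    """
    hits = []
    for algo, digest in HASH_RE.findall(line):
        if IOC_HASHES.get(algo.lower()) == digest.lower():
            hits.append(f"hash:{algo.lower()}")
    net = NET_RE.search(line)
    if net:
        ip, port = net.group(1), int(net.group(2))
        if ip == C2_IP and port == C2_PORT:
            hits.append("c2:ip+port")
        elif ip == C2_IP:
            hits.append("c2:ip-only")
    return hits


def scan(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Scan all lines and return (index, matches) for every line that hit."""
    return [(i, hits) for i, line in enumerate(lines) if (hits := match_line(line))]


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOGS):
        print(f"line {idx}: {', '.join(hits)}")
```

On the constructed input this flags the process-creation line carrying the sample's MD5 and SHA256, the connection to 45.154.99.245:13799 as a full C2 match, and the connection to the same host on port 80 only as an IP-level hit; the latter deserves a look but not the same confidence, since one host can serve several RedLine builds or unrelated tenants.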