Overview

overview

10

Static

static

3

5356079829...cs.exe

windows7-x64

7

5356079829...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53560798291b00d28ef79300ba5e02fe63960c2cf35692b3f954161a78e6dd93_NeikiAnalytics.exe

  • Size

    332KB

  • Sample

    240629-dbw28azamd

  • MD5

    080dfde2b97288c6b9087523d81114e0

  • SHA1

    9765d4447bc8bf88aa1f9e0f137008a9bfb9d420

  • SHA256

    53560798291b00d28ef79300ba5e02fe63960c2cf35692b3f954161a78e6dd93

  • SHA512

    cfbb02ba05d34380803abc48414135062ad50e3e52b32a0470037cb235257a9cef02c4444f8ffb49630184e8c8d791ffaff36fa8a20e51fcaedd83c1537185ae

  • SSDEEP

    6144:hcylWoqkeuZ0Eiq06unicPfUumqXQubK+efN/sWuixwLh6MlM:CqWbPZDqjuicPfj8ubDefN/sW2Bl

Score
10/10
redline7021425935_99infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

7021425935_99

C2

https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac

Targets

    • Target

      53560798291b00d28ef79300ba5e02fe63960c2cf35692b3f954161a78e6dd93_NeikiAnalytics.exe

    • Size

      332KB

    • MD5

      080dfde2b97288c6b9087523d81114e0

    • SHA1

      9765d4447bc8bf88aa1f9e0f137008a9bfb9d420

    • SHA256

      53560798291b00d28ef79300ba5e02fe63960c2cf35692b3f954161a78e6dd93

    • SHA512

      cfbb02ba05d34380803abc48414135062ad50e3e52b32a0470037cb235257a9cef02c4444f8ffb49630184e8c8d791ffaff36fa8a20e51fcaedd83c1537185ae

    • SSDEEP

      6144:hcylWoqkeuZ0Eiq06unicPfUumqXQubK+efN/sWuixwLh6MlM:CqWbPZDqjuicPfj8ubDefN/sW2Bl

    Score
    10/10
    redline7021425935_99infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks