fd42570db71afaa782fb3f824ea87057661d2910d8914453d181b3a3652b1617 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NIKO.exe
Size

187KB
Sample

231117-e7874aga8y
MD5

5459c9375d4b07132878457d88b1176e
SHA1

142909a0f30e8cad6e53666ba616892ea1067af6
SHA256

fd42570db71afaa782fb3f824ea87057661d2910d8914453d181b3a3652b1617
SHA512

51f5b8fe285e47417639c15a6c22ad3715f51d0ed842fb69923278f9ed1ad10d1d90c33d4f64ccb3a852738fc271992243048939f2b0909601742bd22f3ee58e
SSDEEP

3072:VahKyd2n31e5GWp1icKAArDZz4N9GhbkrNEk1rJ4ZIJbvKuF//GT:VahOep0yN90QE44ekY//e

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  NIKO.exe
- Size
  
  187KB
- MD5
  
  5459c9375d4b07132878457d88b1176e
- SHA1
  
  142909a0f30e8cad6e53666ba616892ea1067af6
- SHA256
  
  fd42570db71afaa782fb3f824ea87057661d2910d8914453d181b3a3652b1617
- SHA512
  
  51f5b8fe285e47417639c15a6c22ad3715f51d0ed842fb69923278f9ed1ad10d1d90c33d4f64ccb3a852738fc271992243048939f2b0909601742bd22f3ee58e
- SSDEEP
  
  3072:VahKyd2n31e5GWp1icKAArDZz4N9GhbkrNEk1rJ4ZIJbvKuF//GT:VahOep0yN90QE44ekY//e
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer