6112a3d8e9d9ab30fedc0305e807cc3b6b6f4190c4902e54a8cb86a88164d222 | Triage

Sharing

General

Target

3542526aa24ade786a668c9ef79e0f90_NEIKI
Size

228KB
Sample

240507-z1m2haga4t
MD5

3542526aa24ade786a668c9ef79e0f90
SHA1

e58538b01ebcb985d0deea828d31313b06eb5087
SHA256

6112a3d8e9d9ab30fedc0305e807cc3b6b6f4190c4902e54a8cb86a88164d222
SHA512

0d6c6b83ae86f861d4d116c9057b7fbea0f677f7198d81f5cd648d78aa04dbd3410af251ba434f67518879a976822f4f84d83ee62e8113e9ccf911a389e1c3e7
SSDEEP

6144:VKJS9O3dwqsNy5ibpNjl4EqxF6snji81RUinKICun:gJS98dQxly

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3542526aa24ade786a668c9ef79e0f90_NEIKI
- Size
  
  228KB
- MD5
  
  3542526aa24ade786a668c9ef79e0f90
- SHA1
  
  e58538b01ebcb985d0deea828d31313b06eb5087
- SHA256
  
  6112a3d8e9d9ab30fedc0305e807cc3b6b6f4190c4902e54a8cb86a88164d222
- SHA512
  
  0d6c6b83ae86f861d4d116c9057b7fbea0f677f7198d81f5cd648d78aa04dbd3410af251ba434f67518879a976822f4f84d83ee62e8113e9ccf911a389e1c3e7
- SSDEEP
  
  6144:VKJS9O3dwqsNy5ibpNjl4EqxF6snji81RUinKICun:gJS98dQxly
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence