107cc1212ea89108444411fe3e9f934f27d0b8646a5311fbc8040aef4b760a42 | Triage

Sharing

General

Target

76d8f1df3af443e80741800dea5a9070_NEIKI
Size

3.0MB
Sample

240508-akyqmaba54
MD5

76d8f1df3af443e80741800dea5a9070
SHA1

19deba8426ad0c2b842b3125d8a4077b4ed5cb24
SHA256

107cc1212ea89108444411fe3e9f934f27d0b8646a5311fbc8040aef4b760a42
SHA512

54c10e190efd36819f10adece6478db7444fd74a5bd3e6fb817ec41774f0c56cccb178d6e0237b525b11ed3f9f85d272afb7ff65d0477238c45ec01853472810
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBOB/bSqz8:sxX7QnxrloE5dpUpNbVz8

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  76d8f1df3af443e80741800dea5a9070_NEIKI
- Size
  
  3.0MB
- MD5
  
  76d8f1df3af443e80741800dea5a9070
- SHA1
  
  19deba8426ad0c2b842b3125d8a4077b4ed5cb24
- SHA256
  
  107cc1212ea89108444411fe3e9f934f27d0b8646a5311fbc8040aef4b760a42
- SHA512
  
  54c10e190efd36819f10adece6478db7444fd74a5bd3e6fb817ec41774f0c56cccb178d6e0237b525b11ed3f9f85d272afb7ff65d0477238c45ec01853472810
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBOB/bSqz8:sxX7QnxrloE5dpUpNbVz8
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer