5bf7dfa476f878e494502e11b60216f8445bf9e87991869dec96becf0a1dee3e | Triage

Sharing

General

Target

93ebb4a9a9739d38184681e4068b8d70_NEIKI
Size

4.1MB
Sample

240508-bx32jsea74
MD5

93ebb4a9a9739d38184681e4068b8d70
SHA1

8509a1863994f8f181e38f4e18f062b0da39cb20
SHA256

5bf7dfa476f878e494502e11b60216f8445bf9e87991869dec96becf0a1dee3e
SHA512

5af841b59f96c324da8def1f53579d2d794e360ad242981456bde67f281f54d7237119b352be4fc6ab0fbf16acad50bd27eb0560ff10405d64026257015d4fdd
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBUB/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUpHbVz8eLFcz

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  93ebb4a9a9739d38184681e4068b8d70_NEIKI
- Size
  
  4.1MB
- MD5
  
  93ebb4a9a9739d38184681e4068b8d70
- SHA1
  
  8509a1863994f8f181e38f4e18f062b0da39cb20
- SHA256
  
  5bf7dfa476f878e494502e11b60216f8445bf9e87991869dec96becf0a1dee3e
- SHA512
  
  5af841b59f96c324da8def1f53579d2d794e360ad242981456bde67f281f54d7237119b352be4fc6ab0fbf16acad50bd27eb0560ff10405d64026257015d4fdd
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBUB/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUpHbVz8eLFcz
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer