General

  • Target

    b3a8d4d0de5a9a45dc041c981c52e7e0_NEIKI

  • Size

    3.1MB

  • Sample

    240508-dlssjsfe3x

  • MD5

    b3a8d4d0de5a9a45dc041c981c52e7e0

  • SHA1

    29fa54b696dd924d2d63e189b5901907d7f50a59

  • SHA256

    6410ebc2883335b7e5290ce3a73cd38357ea50b9d1f54d03a7d0a56891cd0fe6

  • SHA512

    0cec267f83bf454952599d51734de917b9b6372fa9a4c32cc351fa07874570930153a98dcb9e80a0376bd61aafcf6638a51b6aa5f3a4b2f7fc5c7309c75e2398

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBmB/bSqz8b6LNXJqI:sxX7QnxrloE5dpUptbVz8eLFc

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application
