Overview

overview

10

Static

static

10

8ce2c1b4bf...KI.exe

windows7-x64

10

8ce2c1b4bf...KI.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8ce2c1b4bf4aa92049f1f993e82cc140_NEIKI

  • Size

    724KB

  • Sample

    240508-nrmtlada88

  • MD5

    8ce2c1b4bf4aa92049f1f993e82cc140

  • SHA1

    cd4096c04ec0f0cf57a18ae682b97e21028d6b09

  • SHA256

    2ecb0407a802d7d2615a4192482c874b15415634b65f0e47409d0efe3797a637

  • SHA512

    bdba1335bb7d68e1e38942db273ebaa21f7cec750ca3d8cb427b1579eefa39d577969bc243342aea637b404825e8edcce82a06a6d08abf97844665549781a930

  • SSDEEP

    12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dMuN3X+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdM4E1

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Targets

    • Target

      8ce2c1b4bf4aa92049f1f993e82cc140_NEIKI

    • Size

      724KB

    • MD5

      8ce2c1b4bf4aa92049f1f993e82cc140

    • SHA1

      cd4096c04ec0f0cf57a18ae682b97e21028d6b09

    • SHA256

      2ecb0407a802d7d2615a4192482c874b15415634b65f0e47409d0efe3797a637

    • SHA512

      bdba1335bb7d68e1e38942db273ebaa21f7cec750ca3d8cb427b1579eefa39d577969bc243342aea637b404825e8edcce82a06a6d08abf97844665549781a930

    • SSDEEP

      12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dMuN3X+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdM4E1

    Score
    10/10
    fakeavfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • FakeAV payload

      fakeavspyware

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks