1e3113e2246ede05122a9b6f7ab7c1646fe3ad2b8918f4d597222cff935a1c13 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad91860ef6663afee897d58269f71790_NEIKI
Size

184KB
Sample

240508-pp85gsfb86
MD5

ad91860ef6663afee897d58269f71790
SHA1

c2d26cca975f4b7530273f6ba3536464d9e3b9dd
SHA256

1e3113e2246ede05122a9b6f7ab7c1646fe3ad2b8918f4d597222cff935a1c13
SHA512

381d7366cbf45cc24f1436fadfef0a709e74ded596baf15f2cb1f9c3bab91042a46202d92c48aef0a7d579ee8ab4ff2b30f88fdd67f77fe7e8da24e9d9d567aa
SSDEEP

3072:eWyYMlXL7KvWeRl6Knvmb7/D26DKcAA6vQOm34lK5/si+iS36:eXCVREKnvmb7/D26DKcV67m34E5/s8SK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ad91860ef6663afee897d58269f71790_NEIKI
- Size
  
  184KB
- MD5
  
  ad91860ef6663afee897d58269f71790
- SHA1
  
  c2d26cca975f4b7530273f6ba3536464d9e3b9dd
- SHA256
  
  1e3113e2246ede05122a9b6f7ab7c1646fe3ad2b8918f4d597222cff935a1c13
- SHA512
  
  381d7366cbf45cc24f1436fadfef0a709e74ded596baf15f2cb1f9c3bab91042a46202d92c48aef0a7d579ee8ab4ff2b30f88fdd67f77fe7e8da24e9d9d567aa
- SSDEEP
  
  3072:eWyYMlXL7KvWeRl6Knvmb7/D26DKcAA6vQOm34lK5/si+iS36:eXCVREKnvmb7/D26DKcV67m34E5/s8SK
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence