a1eca432aca74c76e0f66bc0efff30ee0a9b24560f226ece42a33a23b24fe877 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c264675ba10c70a6e331082feffd5bb0_NEIKI
Size

4.7MB
Sample

240508-qm8llseg3s
MD5

c264675ba10c70a6e331082feffd5bb0
SHA1

26c7c816b9a937e3a079cbd38531b42c43a6ffee
SHA256

a1eca432aca74c76e0f66bc0efff30ee0a9b24560f226ece42a33a23b24fe877
SHA512

73af47a6c0396ae8f4236b3c68dea94ff883bf4ebb3bee38dde61c28ae2b1bd6e6ed273aa082c03d8b2db7ff07e54175dda5ee9c3efa0dde3f16662518188998
SSDEEP

49152:N/8KkUHbAgK56yWAnbbL3kK2w3hsJUWg3A5Y5OVjHyzeObc0vkn4Rk15BmaFvmy1:NkWbbn5YLdsqWgQ0OVTyzecLg5BmG

Score

7^/10

execution spyware stealer

Malware Config

Targets

- Target
  
  c264675ba10c70a6e331082feffd5bb0_NEIKI
- Size
  
  4.7MB
- MD5
  
  c264675ba10c70a6e331082feffd5bb0
- SHA1
  
  26c7c816b9a937e3a079cbd38531b42c43a6ffee
- SHA256
  
  a1eca432aca74c76e0f66bc0efff30ee0a9b24560f226ece42a33a23b24fe877
- SHA512
  
  73af47a6c0396ae8f4236b3c68dea94ff883bf4ebb3bee38dde61c28ae2b1bd6e6ed273aa082c03d8b2db7ff07e54175dda5ee9c3efa0dde3f16662518188998
- SSDEEP
  
  49152:N/8KkUHbAgK56yWAnbbL3kK2w3hsJUWg3A5Y5OVjHyzeObc0vkn4Rk15BmaFvmy1:NkWbbn5YLdsqWgQ0OVTyzecLg5BmG
Score

7^/10

execution spyware stealer
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionspywarestealer

behavioral2

executionspywarestealer