General

  • Target

    5ccf2882a383f41984f6c6345932ad60_NEIKI

  • Size

    196KB

  • Sample

    240508-z9djesgc6w

  • MD5

    5ccf2882a383f41984f6c6345932ad60

  • SHA1

    2cc73882de961d65a30790438908a7247953e929

  • SHA256

    883d48bc849896ddded7e77ccd56e73443b501046bb2d1211294ec4f8f0f272c

  • SHA512

    1caefb3d17f9e0b6acd5f69a9d055579a35a1a2c0f173b5015bc205c03b85c050e58bc9cf1cd8daa8b69e73b7f772579dba87448a028760b48f653b7ebc0a379

  • SSDEEP

    3072:fP5gvNVLIfHQja1RfmLQADwSKkhU+tLgT5lODbiC8r1PkT:X2vnSwjaOcADw9cUeCOf

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks