General
-
Target
0e6920ae85959d1a6276101285045ec0_NeikiAnalytics
-
Size
82KB
-
Sample
240509-19hntadb23
-
MD5
0e6920ae85959d1a6276101285045ec0
-
SHA1
46a11a9e70a23b60a682514fa265c274ec82257a
-
SHA256
58a11fc0c778f15dcb56229b2489f8ce6c1af9862e2eaf6ed232a3047c0bacd6
-
SHA512
b5e814bf7cac6417e39913e8d536482051c5b3194e540e3c2e2bba822147b65a9f0d0659a5cd34985c863b463a1979c98c5a2b078e1cf7ce9902dd11cf49a7fc
-
SSDEEP
1536:hweU9lKc/HZVJ5xG4c4EwOaVv1nlC+Tk7bhGQhRRzab3/Ygn:VMlX/HHJbGnSpNRw7bhGEzyYg
Malware Config
Targets
-
-
Target
0e6920ae85959d1a6276101285045ec0_NeikiAnalytics
-
Size
82KB
-
MD5
0e6920ae85959d1a6276101285045ec0
-
SHA1
46a11a9e70a23b60a682514fa265c274ec82257a
-
SHA256
58a11fc0c778f15dcb56229b2489f8ce6c1af9862e2eaf6ed232a3047c0bacd6
-
SHA512
b5e814bf7cac6417e39913e8d536482051c5b3194e540e3c2e2bba822147b65a9f0d0659a5cd34985c863b463a1979c98c5a2b078e1cf7ce9902dd11cf49a7fc
-
SSDEEP
1536:hweU9lKc/HZVJ5xG4c4EwOaVv1nlC+Tk7bhGQhRRzab3/Ygn:VMlX/HHJbGnSpNRw7bhGEzyYg
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2