General
- Target: 07eb753af2b3573ce7320866c3714140_NeikiAnalytics
- Size: 72KB
- Sample: 240509-1rqxgabg49
- MD5: 07eb753af2b3573ce7320866c3714140
- SHA1: a1351ae7e680f3dc771be34a577cef7feedc7576
- SHA256: 8f15e994b2b4d99413d2beb275356aac8aa7835267b0a62d14b785cf722e1550
- SHA512: 95d0b8fb0bc0a079ed35297cb3702b38c3a4c2c2b211deff8663541bf9c13c48c016a33eb3ccb60a96a492e272755d300f139b08a8baf56cac2337ca838ee7f6
- SSDEEP: 1536:DOa2kZ+qcAGVRIcUjmTeyovQe1RLP0sLJtoz9ZDu7GOXTm:DOYZTBORVUjtvR1L96BSXK
Behavioral task: behavioral1
- Sample: 07eb753af2b3573ce7320866c3714140_NeikiAnalytics.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 07eb753af2b3573ce7320866c3714140_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
Malware Config
Targets
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext