General

  • Target

    0f5b712c4345c631d03f6b34fc73d2b0_NeikiAnalytics

  • Size

    34KB

  • Sample

    240509-2bae8adc23

  • MD5

    0f5b712c4345c631d03f6b34fc73d2b0

  • SHA1

    87cd785fe8ecb2b38988a5c627148d541cf35b5e

  • SHA256

    695a1bab049e5c427d0fee2bdcd4fddd81a1bc04d95cd39fe189dbf5bd9d440d

  • SHA512

    e4d0b3117afa5bef829a4c3b72820f50f5997433ef4e3c4fcbb64c56ad213ac82ffc76bfc6c60fb14ffef6fa47e8e11b00a6237613a1dd8e61178911f8f74705

  • SSDEEP

    768:Wp22qWFcy5XQ7lO41uirwA98p3MpkNBxd0cJWV6dy/x9J2:WpYoX58z1uirL98xMWnT0OQ9J2

Malware Config

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution, T1547 (1)

    Registry Run Keys / Startup Folder, T1547.001 (1)

  • Privilege Escalation

    Boot or Logon Autostart Execution, T1547 (1)

    Registry Run Keys / Startup Folder, T1547.001 (1)

  • Defense Evasion

    Modify Registry, T1112 (1)

Tasks