General

  • Target

    caada1d448c6b4ffedeffc3f598005d0_NEIKI

  • Size

    1.4MB

  • Sample

    240509-cnwrjsch6y

  • MD5

    caada1d448c6b4ffedeffc3f598005d0

  • SHA1

    019dc31ba781d841fe6a69e270cda780f35905c0

  • SHA256

    b267fc474977cc4b40c6956662ea7e8c073e68ca003b1cbc54c159154f181d8a

  • SHA512

    1129aec75546c6c227075233f17482c8c522aa8bfd9f374e665e23cb909ac24d993cc7a44fd3a47752a4979114cafab9d14435ce860ba8dd1afd00055d5cb3b4

  • SSDEEP

    24576:KCokxkoQXWnb68MPnemRKO4vIQgVWmdjzE4KhZd0FcZqP+whE5jVmJizfZmhSKaB:t5xk3XYPQneK7mVxmdjg9hZdH/SE5jVv

Malware Config

Targets

    • Target

      caada1d448c6b4ffedeffc3f598005d0_NEIKI

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for a geofence check; the report records the lookup, not what the sample does with the result.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      3KB

    • MD5

      8614c450637267afacad1645e23ba24a

    • SHA1

      e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    • SHA256

      0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    • SHA512

      af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      config.dll

    • Size

      1.2MB

    • MD5

      f9da380edeade2cd43e88209aa5f5593

    • SHA1

      639cbdb652bfd2bbcccba9629a3e3bd99b4085f4

    • SHA256

      4bd67a9d8c2cab01c6f11bed72ebbcc350cdfae84bc88f4999a1cf580a63cfe4

    • SHA512

      b0da97fd3bd6397fe4bba8ef63e4f0821f15663a864c85f2f9449851859f123478fb61d9a638384d48a2ec749400d2340948b76f3658e82e5080ea940e102b60

    • SSDEEP

      24576:qpr3xuxi9gHf1k+kW6QAMUvL96j+y7TzsSHMtMNhbtp9abqZtpV34CS:al9gtCW5AMM6jPzrHMtohPAipV33S

    Score
    5/10
    • Drops file in System32 directory

    • Target

      iconAnimate.exe

    • Size

      306KB

    • MD5

      6a98387bf5a7c61c8dba3de313bc7a9d

    • SHA1

      45591683b358bc83ba6ca365d65e107a17f18aeb

    • SHA256

      e5044c54609f5404f9582d6eceea1edf2dfe6e36dfa4a19cc78614e17909e8e0

    • SHA512

      d4871eda7bac6466f6f3d08503bfb76f874a5f906daeb0b6fd17dcc60ac33aee666d8bc99453075e2f336e78d017c7581341a40ddbaeb4dcd96d2a3579c09a14

    • SSDEEP

      6144:FlYxXLG7MDylV0ukmKiuwv11rf1Ar3QEGj7E:Fci7MDwQiuwNV1ArGjI

    Score
    1/10
    • Target

      iconTips.exe

    • Size

      281KB

    • MD5

      56b438d8636da55011e7ed736ee60434

    • SHA1

      9112531e8343280f13ba86dcb27f54c4c449ae4e

    • SHA256

      aa216fc23c3b9f842d6f12adfef18fbaf97a49bf6767378311c9ca4226f793a6

    • SHA512

      65c7f7c7b7d522640cc62952f80d1e7d58c0c6c2506cbf727529254d39aadfac3903513b630b71179997ffcaac085ce79d74115f9e729bb7b372b7ea2dca0b03

    • SSDEEP

      3072:7I2HXgdV8UAwCPQf3IF4YEghgQLKptdj1MqgOMPVgoKXajQenB:7rwdGllpEgKpj1MqgOMPeGjrB

    Score
    1/10
    • Target

      uninst.exe

    • Size

      290KB

    • MD5

      78366c7f86a685e23eb897c6f34eb503

    • SHA1

      1c01a172a7137890b6b5a4b4fac0f9d8562b5ac0

    • SHA256

      51f44ce9c10bc7a860c431ee7f16c2012fe88513c87d7efad7757c35c2a59c4b

    • SHA512

      20967b60bb14a8772978ba71b3e4e4e8cc7ac934889d01a52486885f1099b02b16091ccc549c9b6117713f72aedc02694d71449ac89db692bf1ab8a9d0d3456a

    • SSDEEP

      6144:ke34KGjndtYt7Z+n9pGnVoUc99jCbd2/whMcitrqjGIu:fGjn4sGnGxnmiJ

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      3KB

    • MD5

      8614c450637267afacad1645e23ba24a

    • SHA1

      e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    • SHA256

      0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    • SHA512

      af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      c498ae64b4971132bba676873978de1e

    • SHA1

      92e4009cd776b6c8616d8bffade7668ef3cb3c27

    • SHA256

      5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8

    • SHA512

      8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7

    • SSDEEP

      384:EVJOXQZkjhm+Np3aWgzxljzbbEUhU7ya4LtU0Ac9khYLMkIX0+GBty3S:EeXQcm+NpqWgzxljzfEUhUua4LtG

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10
    • Target

      wour_wrnd.exe

    • Size

      32KB

    • MD5

      1b65ca9566e6fcc4f5286a8bdd9518ee

    • SHA1

      0744a66417dc712701b426d26ecd4b811b7065dd

    • SHA256

      dfa88f801ad48651ac69e19154fd5248710b2c80b4c902f9763c2a07a4e54623

    • SHA512

      47f9505c9ecf38c4ee1be397bab976416ad7a15eaf82aa905e304c44782a132dfa0c6a75d3ce37a85e8ffcd335617be880e6a758e5be8060b91b5158508fe829

    • SSDEEP

      768:Bhe0uzFlC3N1p2HPhDVtsyOjMQVOU7paqIour:B4L/onAZDVtajQU7G

    Score
    1/10
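Two of the signatures recorded for the main sample, the country-code lookup and the Uninstall-key enumeration, are plain registry reads and therefore show up in endpoint registry telemetry as well as in the sandbox. The script below is an added example, not part of the sandbox report and not code recovered from the sample: it runs a two-rule detection over constructed registry-query log lines, flagging a process that reads country values under the standard locale keys and a process that touches several distinct product subkeys under the Uninstall key, which separates enumeration from an installer reading its own entry. The pipe-delimited log format, the process names, the threshold and the choice of key paths are assumptions; the page does not record the exact paths the sample queried.

```python
"""
Flag the two registry-discovery behaviours the report lists for this sample
(country-code lookup, Uninstall-key enumeration) in registry-query telemetry.

Added example, not part of the sandbox report and not code from the sample.
The log lines are a constructed, simplified "pid|image|operation|key|value"
format rather than a real Sysmon/EDR schema; the key paths are the standard
Windows locations for locale and installed-software data (assumption: the
sample's exact paths are not recorded on the page).
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RegEvent:
    pid: str
    image: str
    op: str      # QueryValue, EnumKey, OpenKey, ...
    key: str
    value: str   # value name; empty for key-level operations


# Lower-cased prefixes; standard Windows locations, assumed relevant to the sample.
LOCALE_KEY_PREFIXES = (
    r"hkcu\control panel\international",            # sCountry, iCountry, Geo\Nation, Geo\Name
    r"hklm\system\currentcontrolset\control\nls",   # system locale and language tables
)
COUNTRY_VALUE_NAMES = {"scountry", "icountry", "nation", "name", "localename"}
UNINSTALL_KEY_PREFIXES = (
    r"hklm\software\microsoft\windows\currentversion\uninstall",
    r"hklm\software\wow6432node\microsoft\windows\currentversion\uninstall",
    r"hkcu\software\microsoft\windows\currentversion\uninstall",
)


def parse(log: str) -> list:
    """Parse pipe-delimited lines; blank lines and '#' comments are skipped."""
    events = []
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, image, op, key, value = line.split("|", 4)
        events.append(RegEvent(pid, image, op, key, value))
    return events


def _under(key: str, prefixes) -> Optional[str]:
    """Return the matching prefix if key is that key or a subkey of it."""
    k = key.lower()
    for p in prefixes:
        if k == p or k.startswith(p + "\\"):
            return p
    return None


def analyze(events, enum_threshold: int = 5) -> dict:
    """Map (pid, image) -> sorted list of findings for processes that trip a rule."""
    country_reads = defaultdict(int)
    uninstall_subkeys = defaultdict(set)
    for e in events:
        proc = (e.pid, e.image)
        # Rule 1: any read of a country/locale value under the locale keys.
        if _under(e.key, LOCALE_KEY_PREFIXES) and e.value.lower() in COUNTRY_VALUE_NAMES:
            country_reads[proc] += 1
        # Rule 2: count distinct product subkeys under an Uninstall key. An installer
        # reading its own entry touches one; enumeration touches many.
        p = _under(e.key, UNINSTALL_KEY_PREFIXES)
        if p is not None and len(e.key) > len(p):
            product = e.key[len(p) + 1:].split("\\", 1)[0].lower()
            uninstall_subkeys[proc].add(product)
    findings = defaultdict(list)
    for proc in country_reads:
        findings[proc].append("geofence-check")
    for proc, products in uninstall_subkeys.items():
        if len(products) >= enum_threshold:
            findings[proc].append("software-enumeration")
    return {proc: sorted(f) for proc, f in findings.items()}


# Constructed telemetry: pid 1234 behaves like the sample, pid 5678 like a benign installer.
SAMPLE_LOG = r"""
# pid|image|operation|key|value
1234|installer.exe|QueryValue|HKCU\Control Panel\International\Geo|Nation
1234|installer.exe|QueryValue|HKCU\Control Panel\International|sCountry
1234|installer.exe|EnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
1234|installer.exe|QueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0001-AAAA}|DisplayName
1234|installer.exe|QueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0002-BBBB}|DisplayName
1234|installer.exe|QueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0003-CCCC}|DisplayName
1234|installer.exe|QueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++|DisplayName
1234|installer.exe|QueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip|DisplayName
5678|setup.exe|QueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyApp|DisplayVersion
5678|setup.exe|QueryValue|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion|ProductName
"""

if __name__ == "__main__":
    for (pid, image), found in analyze(parse(SAMPLE_LOG)).items():
        print(f"{image} (pid {pid}): {', '.join(found)}")
```

The Uninstall rule is deliberately threshold-based: almost every installer reads one entry under that key, so a single-hit rule would page on every legitimate setup, while the country-code rule fires on any read because ordinary installers have little reason to consult the Geo values.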
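The "Writes to the Master Boot Record (MBR)" signature, reported for both the main sample and uninst.exe, is the finding on this page that warrants confirmation on any host that ran the sample. The other dropped files under $PLUGINSDIR (FindProcDLL, KillProcDLL, System.dll, InstallOptions, inetc, nsDialogs) are stock NSIS installer plugins, which marks the sample as an NSIS-built installer and explains their low scores; a raw write to the boot sector, by contrast, persists below the operating system as the report says, so file-level cleanup does not touch it. The script below is an added example, not report or sample code: it parses a 512-byte MBR, hashes the boot-code region ahead of the disk signature, compares it with a known-good hash, and decodes the partition table. The two sectors it runs on are constructed, and the stand-in boot-code bytes, the baseline hash and the overlap heuristic are assumptions.

```python
"""
Check a raw MBR sector for tampering of the kind the "Writes to the Master
Boot Record" signature points at.

Added example, not part of the sandbox report and not code from the sample.
The sectors it runs on are constructed; the stand-in boot-code bytes, the
baseline hash and the overlap heuristic are assumptions for the demo.
"""
import hashlib
import struct
from typing import Optional

SECTOR = 512
BOOTCODE_END = 0x1B8        # boot code runs up to the 4-byte disk signature at 0x1B8
PART_TABLE = 0x1BE          # four 16-byte partition entries
PART_FMT = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
BOOT_SIG = b"\x55\xAA"      # at offset 0x1FE


def parse_partitions(sector: bytes) -> list:
    """Decode the four primary partition entries, skipping empty slots."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_FMT, sector, PART_TABLE + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return parts


def inspect_mbr(sector: bytes, baseline_bootcode_sha256: Optional[str] = None) -> dict:
    """Hash the boot code, parse the table and list anything a responder should look at."""
    if len(sector) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    sector = sector[:SECTOR]
    bootcode_hash = hashlib.sha256(sector[:BOOTCODE_END]).hexdigest()
    parts = parse_partitions(sector)
    anomalies = []
    if sector[0x1FE:0x200] != BOOT_SIG:
        anomalies.append("missing 0x55AA boot signature")
    if not any(p["active"] for p in parts):
        anomalies.append("no active partition")
    if baseline_bootcode_sha256 is not None and bootcode_hash != baseline_bootcode_sha256.lower():
        anomalies.append("boot code differs from baseline")
    # Entries whose LBA ranges overlap are a sign the table was edited by hand
    # (assumed heuristic; a table written by the OS installer does not overlap).
    ranges = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_, end_a), (start_b, _) in zip(ranges, ranges[1:]):
        if start_b < end_a:
            anomalies.append("overlapping partition entries")
            break
    return {"bootcode_sha256": bootcode_hash, "partitions": parts, "anomalies": anomalies}


def build_sector(bootcode: bytes, entries: list) -> bytes:
    """Assemble a constructed MBR from boot-code bytes and (status, type, lba, count) tuples."""
    sec = bytearray(SECTOR)
    sec[:len(bootcode)] = bootcode
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(PART_FMT, sec, PART_TABLE + 16 * i, status, ptype, lba, count)
    sec[0x1FE:0x200] = BOOT_SIG
    return bytes(sec)


# Constructed "known good" sector: a stand-in prologue (xor ax,ax / mov ss,ax / mov sp,7C00h)
# padded with NOPs, and one active NTFS partition starting at LBA 2048.
CLEAN_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 16
CLEAN_MBR = build_sector(CLEAN_BOOTCODE, [(0x80, 0x07, 2048, 204800)])
BASELINE = hashlib.sha256(CLEAN_MBR[:BOOTCODE_END]).hexdigest()   # would come from a clean image
# Constructed tampered sector: boot code replaced with a short jump and the active flag cleared.
TAMPERED_MBR = build_sector(b"\xEB\x3C" + b"\x00" * 21, [(0x00, 0x07, 2048, 204800)])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else TAMPERED_MBR
    report = inspect_mbr(data, BASELINE)
    print("boot code sha256:", report["bootcode_sha256"])
    for p in report["partitions"]:
        print(f"  entry {p['index']}: type 0x{p['type']:02X} lba {p['lba_start']} +{p['sectors']} active={p['active']}")
    print("anomalies:", report["anomalies"] or "none")
```

On a live Windows host the sector comes from `open(r"\\.\PhysicalDrive0", "rb").read(512)` in an elevated prompt (on Linux, the block device such as `/dev/sda`), and the baseline hash should be taken from a clean image of the same OS build, never from the suspect machine itself. A matching hash only covers the 440 bytes of boot code; it says nothing about sectors after the MBR, where a bootkit can also stage code.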

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

bootkit, discovery, persistence
Score
7/10

behavioral2

bootkit, discovery, persistence
Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
5/10

behavioral12

Score
5/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

bootkit, persistence
Score
7/10

behavioral18

bootkit, persistence
Score
7/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10