Overview
overview
7Static
static
3caada1d448...KI.exe
windows7-x64
7caada1d448...KI.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3config.dll
windows7-x64
5config.dll
windows10-2004-x64
5iconAnimate.exe
windows7-x64
1iconAnimate.exe
windows10-2004-x64
1iconTips.exe
windows7-x64
1iconTips.exe
windows10-2004-x64
1uninst.exe
windows7-x64
7uninst.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/inetc.dll
windows7-x64
3$PLUGINSDIR/inetc.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3wour_wrnd.exe
windows7-x64
1wour_wrnd.exe
windows10-2004-x64
1General
-
Target
caada1d448c6b4ffedeffc3f598005d0_NEIKI
-
Size
1.4MB
-
Sample
240509-cnwrjsch6y
-
MD5
caada1d448c6b4ffedeffc3f598005d0
-
SHA1
019dc31ba781d841fe6a69e270cda780f35905c0
-
SHA256
b267fc474977cc4b40c6956662ea7e8c073e68ca003b1cbc54c159154f181d8a
-
SHA512
1129aec75546c6c227075233f17482c8c522aa8bfd9f374e665e23cb909ac24d993cc7a44fd3a47752a4979114cafab9d14435ce860ba8dd1afd00055d5cb3b4
-
SSDEEP
24576:KCokxkoQXWnb68MPnemRKO4vIQgVWmdjzE4KhZd0FcZqP+whE5jVmJizfZmhSKaB:t5xk3XYPQneK7mVxmdjg9hZdH/SE5jVv
Static task
static1
Behavioral task
behavioral1
Sample
caada1d448c6b4ffedeffc3f598005d0_NEIKI.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
caada1d448c6b4ffedeffc3f598005d0_NEIKI.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
config.dll
Resource
win7-20240419-en
Behavioral task
behavioral12
Sample
config.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
iconAnimate.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
iconAnimate.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
iconTips.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
iconTips.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
uninst.exe
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
uninst.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240215-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
wour_wrnd.exe
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
wour_wrnd.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
caada1d448c6b4ffedeffc3f598005d0_NEIKI
-
Size
1.4MB
-
MD5
caada1d448c6b4ffedeffc3f598005d0
-
SHA1
019dc31ba781d841fe6a69e270cda780f35905c0
-
SHA256
b267fc474977cc4b40c6956662ea7e8c073e68ca003b1cbc54c159154f181d8a
-
SHA512
1129aec75546c6c227075233f17482c8c522aa8bfd9f374e665e23cb909ac24d993cc7a44fd3a47752a4979114cafab9d14435ce860ba8dd1afd00055d5cb3b4
-
SSDEEP
24576:KCokxkoQXWnb68MPnemRKO4vIQgVWmdjzE4KhZd0FcZqP+whE5jVmJizfZmhSKaB:t5xk3XYPQneK7mVxmdjg9hZdH/SE5jVv
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$PLUGINSDIR/FindProcDLL.dll
-
Size
3KB
-
MD5
8614c450637267afacad1645e23ba24a
-
SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
-
SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
-
SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
Score3/10 -
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score3/10 -
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
4KB
-
MD5
99f345cf51b6c3c317d20a81acb11012
-
SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727
-
SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
-
SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
config.dll
-
Size
1.2MB
-
MD5
f9da380edeade2cd43e88209aa5f5593
-
SHA1
639cbdb652bfd2bbcccba9629a3e3bd99b4085f4
-
SHA256
4bd67a9d8c2cab01c6f11bed72ebbcc350cdfae84bc88f4999a1cf580a63cfe4
-
SHA512
b0da97fd3bd6397fe4bba8ef63e4f0821f15663a864c85f2f9449851859f123478fb61d9a638384d48a2ec749400d2340948b76f3658e82e5080ea940e102b60
-
SSDEEP
24576:qpr3xuxi9gHf1k+kW6QAMUvL96j+y7TzsSHMtMNhbtp9abqZtpV34CS:al9gtCW5AMM6jPzrHMtohPAipV33S
Score5/10-
Drops file in System32 directory
-
-
-
Target
iconAnimate.exe
-
Size
306KB
-
MD5
6a98387bf5a7c61c8dba3de313bc7a9d
-
SHA1
45591683b358bc83ba6ca365d65e107a17f18aeb
-
SHA256
e5044c54609f5404f9582d6eceea1edf2dfe6e36dfa4a19cc78614e17909e8e0
-
SHA512
d4871eda7bac6466f6f3d08503bfb76f874a5f906daeb0b6fd17dcc60ac33aee666d8bc99453075e2f336e78d017c7581341a40ddbaeb4dcd96d2a3579c09a14
-
SSDEEP
6144:FlYxXLG7MDylV0ukmKiuwv11rf1Ar3QEGj7E:Fci7MDwQiuwNV1ArGjI
Score1/10 -
-
-
Target
iconTips.exe
-
Size
281KB
-
MD5
56b438d8636da55011e7ed736ee60434
-
SHA1
9112531e8343280f13ba86dcb27f54c4c449ae4e
-
SHA256
aa216fc23c3b9f842d6f12adfef18fbaf97a49bf6767378311c9ca4226f793a6
-
SHA512
65c7f7c7b7d522640cc62952f80d1e7d58c0c6c2506cbf727529254d39aadfac3903513b630b71179997ffcaac085ce79d74115f9e729bb7b372b7ea2dca0b03
-
SSDEEP
3072:7I2HXgdV8UAwCPQf3IF4YEghgQLKptdj1MqgOMPVgoKXajQenB:7rwdGllpEgKpj1MqgOMPeGjrB
Score1/10 -
-
-
Target
uninst.exe
-
Size
290KB
-
MD5
78366c7f86a685e23eb897c6f34eb503
-
SHA1
1c01a172a7137890b6b5a4b4fac0f9d8562b5ac0
-
SHA256
51f44ce9c10bc7a860c431ee7f16c2012fe88513c87d7efad7757c35c2a59c4b
-
SHA512
20967b60bb14a8772978ba71b3e4e4e8cc7ac934889d01a52486885f1099b02b16091ccc549c9b6117713f72aedc02694d71449ac89db692bf1ab8a9d0d3456a
-
SSDEEP
6144:ke34KGjndtYt7Z+n9pGnVoUc99jCbd2/whMcitrqjGIu:fGjn4sGnGxnmiJ
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$PLUGINSDIR/FindProcDLL.dll
-
Size
3KB
-
MD5
8614c450637267afacad1645e23ba24a
-
SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
-
SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
-
SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
Score3/10 -
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
4KB
-
MD5
99f345cf51b6c3c317d20a81acb11012
-
SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727
-
SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
-
SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/inetc.dll
-
Size
20KB
-
MD5
c498ae64b4971132bba676873978de1e
-
SHA1
92e4009cd776b6c8616d8bffade7668ef3cb3c27
-
SHA256
5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8
-
SHA512
8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7
-
SSDEEP
384:EVJOXQZkjhm+Np3aWgzxljzbbEUhU7ya4LtU0Ac9khYLMkIX0+GBty3S:EeXQcm+NpqWgzxljzfEUhUua4LtG
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
c10e04dd4ad4277d5adc951bb331c777
-
SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
-
SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
-
SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
-
SSDEEP
96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score3/10 -
-
-
Target
wour_wrnd.exe
-
Size
32KB
-
MD5
1b65ca9566e6fcc4f5286a8bdd9518ee
-
SHA1
0744a66417dc712701b426d26ecd4b811b7065dd
-
SHA256
dfa88f801ad48651ac69e19154fd5248710b2c80b4c902f9763c2a07a4e54623
-
SHA512
47f9505c9ecf38c4ee1be397bab976416ad7a15eaf82aa905e304c44782a132dfa0c6a75d3ce37a85e8ffcd335617be880e6a758e5be8060b91b5158508fe829
-
SSDEEP
768:Bhe0uzFlC3N1p2HPhDVtsyOjMQVOU7paqIour:B4L/onAZDVtajQU7G
Score1/10 -