2a9ec31d240fb25d248cb1440f184cbd5f67f7878b6219212b271f39f8c45749 | Triage

Sharing

General

Target

52d37161157f54fc8f4e36ff15a5a590_NeikiAnalytics
Size

4.3MB
Sample

240509-rb5k9adb6z
MD5

52d37161157f54fc8f4e36ff15a5a590
SHA1

1bc3b7fb0de084385046cbfe7c1cbe1c5215ac6f
SHA256

2a9ec31d240fb25d248cb1440f184cbd5f67f7878b6219212b271f39f8c45749
SHA512

8c859e32a7c22d7f83ee687ea2d04a353127c86687011275ce72a2edad1f4c676d1ac4f80cd3d6897b5f896c78d539f840dd29ed6ea15530f50d1d3f5c9d7abc
SSDEEP

98304:vZicNxIVFdUIVsTs1URagh3Pv9g14uDURBsFxeTsJ:v7IDjHoPO6sYBsF0TsJ

Score

8^/10

evasion execution

Malware Config

Targets

- Target
  
  52d37161157f54fc8f4e36ff15a5a590_NeikiAnalytics
- Size
  
  4.3MB
- MD5
  
  52d37161157f54fc8f4e36ff15a5a590
- SHA1
  
  1bc3b7fb0de084385046cbfe7c1cbe1c5215ac6f
- SHA256
  
  2a9ec31d240fb25d248cb1440f184cbd5f67f7878b6219212b271f39f8c45749
- SHA512
  
  8c859e32a7c22d7f83ee687ea2d04a353127c86687011275ce72a2edad1f4c676d1ac4f80cd3d6897b5f896c78d539f840dd29ed6ea15530f50d1d3f5c9d7abc
- SSDEEP
  
  98304:vZicNxIVFdUIVsTs1URagh3Pv9g14uDURBsFxeTsJ:v7IDjHoPO6sYBsF0TsJ
Score

8^/10

evasion execution
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecution

behavioral2

evasionexecution