General
-
Target
59d205fdd4e95254e8c143f7f8ed6b90_NeikiAnalytics
-
Size
580KB
-
Sample
240509-rm2czagh42
-
MD5
59d205fdd4e95254e8c143f7f8ed6b90
-
SHA1
fc1245bf76de49ae94028b9e176ed322a7959a9e
-
SHA256
3547497b5e508411831ef71f71f7055d93a460f9bd0c44477dfafcacf8c847e1
-
SHA512
f7922978a2f84903be3b71200a181703f63c25e6623d28f8556f2964df2a52d4ed8a50fe83d4bd6e1ac68a2c77207d5a112c60781d1cec81c910b59aa8b0d8f6
-
SSDEEP
12288:YweVEnfYXa7mQfWHGAs6lsQdQjULtL/hzaZZIupNt:YXOnUa7m9mmlsQiMWZIupNt
Malware Config
Targets
-
-
Target
59d205fdd4e95254e8c143f7f8ed6b90_NeikiAnalytics
-
Size
580KB
-
MD5
59d205fdd4e95254e8c143f7f8ed6b90
-
SHA1
fc1245bf76de49ae94028b9e176ed322a7959a9e
-
SHA256
3547497b5e508411831ef71f71f7055d93a460f9bd0c44477dfafcacf8c847e1
-
SHA512
f7922978a2f84903be3b71200a181703f63c25e6623d28f8556f2964df2a52d4ed8a50fe83d4bd6e1ac68a2c77207d5a112c60781d1cec81c910b59aa8b0d8f6
-
SSDEEP
12288:YweVEnfYXa7mQfWHGAs6lsQdQjULtL/hzaZZIupNt:YXOnUa7m9mmlsQiMWZIupNt
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (52) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1