e30d634c17a4094ba5013f88c892dcb079df4a037d20caf47296515ac9680b5e | Triage

Sharing

General

Target

e363ac06ac2209a7c27186ad2351e3a0_NeikiAnalytics
Size

58KB
Sample

240509-yp1yjsbg4t
MD5

e363ac06ac2209a7c27186ad2351e3a0
SHA1

d96cbe2ad7edcf586387d8e296ade9d8dd213a6d
SHA256

e30d634c17a4094ba5013f88c892dcb079df4a037d20caf47296515ac9680b5e
SHA512

3bcd06e3a995d767098185f4772c2adb673f2e331b680d3f4b88caf2b1fe42350b7e817392c2a0cd82c90e9b2232b295ece7b86bc71903411c1ea23fb9a8c6a7
SSDEEP

768:9qSqC8+N5ozQQ8ncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqklP3:9rqfzQQ8amN8835mv7CUroqklP3

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  e363ac06ac2209a7c27186ad2351e3a0_NeikiAnalytics
- Size
  
  58KB
- MD5
  
  e363ac06ac2209a7c27186ad2351e3a0
- SHA1
  
  d96cbe2ad7edcf586387d8e296ade9d8dd213a6d
- SHA256
  
  e30d634c17a4094ba5013f88c892dcb079df4a037d20caf47296515ac9680b5e
- SHA512
  
  3bcd06e3a995d767098185f4772c2adb673f2e331b680d3f4b88caf2b1fe42350b7e817392c2a0cd82c90e9b2232b295ece7b86bc71903411c1ea23fb9a8c6a7
- SSDEEP
  
  768:9qSqC8+N5ozQQ8ncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqklP3:9rqfzQQ8amN8835mv7CUroqklP3
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2