80fcb4eaba78212dfc841e4410f7194dff9050e459533b34deebb9da00cc5241

Sharing

Copy URL

Twitter E-mail

General

Target

e395626363c42bb14c20677df91f32c0_NeikiAnalytics
Size

1.7MB
Sample

240509-yqdjmsbg5t
MD5

e395626363c42bb14c20677df91f32c0
SHA1

101e71683324fa049fcbcb686693dbf84ed98aaf
SHA256

80fcb4eaba78212dfc841e4410f7194dff9050e459533b34deebb9da00cc5241
SHA512

2314ff2169d4f230a551b9fd2158c32e2a57771f33e37af614e6233c2eb91b1f0ca6c44b5f47ac18efdf069069f9f989e702c35f50fcef404c61c2a9961e8044
SSDEEP

49152:RAtNW31SNQdlVFGeoOtaqcEM7CURDlQuTPfJqL9IOgT6g:RALekImeV2pCUVl9TUrgT6g

Score

8^/10

Malware Config

Targets

- Target
  
  e395626363c42bb14c20677df91f32c0_NeikiAnalytics
- Size
  
  1.7MB
- MD5
  
  e395626363c42bb14c20677df91f32c0
- SHA1
  
  101e71683324fa049fcbcb686693dbf84ed98aaf
- SHA256
  
  80fcb4eaba78212dfc841e4410f7194dff9050e459533b34deebb9da00cc5241
- SHA512
  
  2314ff2169d4f230a551b9fd2158c32e2a57771f33e37af614e6233c2eb91b1f0ca6c44b5f47ac18efdf069069f9f989e702c35f50fcef404c61c2a9961e8044
- SSDEEP
  
  49152:RAtNW31SNQdlVFGeoOtaqcEM7CURDlQuTPfJqL9IOgT6g:RALekImeV2pCUVl9TUrgT6g
Score

8^/10

persistence upx discovery
- Modifies AppInit DLL entries
  persistence
- Modifies Installed Components in the registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  15KB
- MD5
  
  f4e3fa5c852d2bdc41756e58124b21d3
- SHA1
  
  a49ec55e50d25efa45ce93366fb64c4fbb1d8261
- SHA256
  
  e457505b7648838185fd971e19daf6fd626824d7935a2701342df7099315e62c
- SHA512
  
  3ccbd9bf27d7927fdf34aecf672d78cb85d00b2b53da631f60683e46d85eda73021d2ae2c7c3d533424b1f8d174093d2186e1bd821fe02312fc142048b75d243
- SSDEEP
  
  192:TDKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF7bVwtVku+pdhhuZHpgiU6/:TViJrtFRdbmXK8+PCwfVeI70HpI+
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  24KB
- MD5
  
  2b7007ed0262ca02ef69d8990815cbeb
- SHA1
  
  2eabe4f755213666dbbbde024a5235ddde02b47f
- SHA256
  
  0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
- SHA512
  
  aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca
- SSDEEP
  
  384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA
Score

3^/10
behavioral5 behavioral6
- Target
  
  $TEMP/Start/DarkMagicLoaderX64.exe
- Size
  
  14KB
- MD5
  
  f10548e2ab140eea3ffbf25c3597e8ef
- SHA1
  
  9453dc066f224dfa223ebd258609f64c2e097133
- SHA256
  
  226aed60d979d7d935438028e1a1bd9b89c5a0e3fdf600c6b929bc8e0152c6cf
- SHA512
  
  e14a8ccfb3cb8f56fbd012231316017547eb31a74ad3c2da7db88e0513e05ff33179f92f16fa05764664354547f70f76d3264fd16e4c848e43b047cbe6a1538d
- SSDEEP
  
  384:x1BbGy+/u2WuFRHJu6vuhgGoGCJEF8ZpHVfDv:x1d/2TtJuCmaEFiRNDv
Score

1^/10
behavioral7 behavioral8
- Target
  
  $TEMP/Start/DarkMagicLoaderX86.exe
- Size
  
  14KB
- MD5
  
  15edc6e6cb0ba1d65fecccbfd3ea2bf7
- SHA1
  
  6b25f36aca10a23ce534d1776a5d8bed7039a727
- SHA256
  
  1bd4b0fb35dcc337b54cd859087f4d84178c19361667624e0a2df196b77ef556
- SHA512
  
  23891b7c5bd483d1e14a9a5d3144d47497d8ccc2255aae879ff0396b5117e73b568e72f274c8d39412937cec1ea457e2acf411193d2b10de959741bbeada5ec8
- SSDEEP
  
  384:1wb+4+/u2WuFRHJu6v03JGoGCJEF8ZpHza:1Yd2TtJuCeEFiRG
Score

1^/10
behavioral10 behavioral9
- Target
  
  $TEMP/Start/DarkMagicX64.dll
- Size
  
  102KB
- MD5
  
  33dff2973cc5f7c10e0dcd771921e482
- SHA1
  
  746eb9dd51b452922ca25531d2b2e3ba346419f2
- SHA256
  
  0c3978251f3248b6c1be851ce0755d33de13b61aee296f9dae19a127336bec06
- SHA512
  
  5a0b6827cea35555b7535cd37e05df4fe988c3018d860b3e3e0312ab532a14efb85d981b07ab107ad19142c59e4797964ba995ac055c7ff6d7185783c8c0ac94
- SSDEEP
  
  1536:YAH7/wc1uNzRUjYYUobjVmYWqyTBZi/gLRbc6xuEi2DHfK9LtZxJujeir:pHLHUo5FyFZ8+uEi/9nx86Q
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMP/Start/DarkMagicX86.dll
- Size
  
  85KB
- MD5
  
  925844f0d6dbe57a793a5fb5f825a9b5
- SHA1
  
  5cf3e6da91485435d2b24ba03a1903e7ebd3c4f2
- SHA256
  
  1c98a3ce805ec519193acf85cc9f14dfcf3a7c99bbb1cfc6a779ae5f3f9613cd
- SHA512
  
  29227129668956c6292671469000dc561f9d7d60ae4a7cb6b2fc1cfe41660cb7aa3e94fbef7bdd8b354be57bd0febfbb16e616b83a99dd6370e52eb1673fefb8
- SSDEEP
  
  1536:z8vVieQymLp9+6IbUX5pP600uJVYhMPf7icAHd1jO0dTbL7r+xJuGeiw:4vVFhmL26I0580pVkA7hid1jOUyx8V7
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/Start/Orbs/Windows 7.orb
- Size
  
  295KB
- MD5
  
  85328e698e8a74852b4061a683915dc8
- SHA1
  
  b898267f8574a34e6d605e541e5234c27dd53f5d
- SHA256
  
  e5b74e9e7bd6758a0154b11462ae3328edd143190865198104d8bd53b9af7275
- SHA512
  
  03945c487c6e697f7b352374a989bfe41d1de7d00624461d2b97fb2027b26d36b35035d5e78ea622c31372087dae647c5d3591c7f9a27941c009993e719ee28f
- SSDEEP
  
  3072:hj4y00PsAyluGSyREq+Dh3SGtdJmH1PakPE3AzpdDh7FVkohILQ:hn0esAylu2d2S4J83tdVYoT
Score

1^/10
behavioral15 behavioral16
- Target
  
  $TEMP/Start/StartAllBackCfg.exe
- Size
  
  3.2MB
- MD5
  
  f694716309e0116eaad74fe6f802a3c7
- SHA1
  
  d680f472b17e2e490859972f7ad4987f4bdd4e97
- SHA256
  
  04c559dd407c0c07215bdebe89814c31ba420d224bee2ab6830ba169c6d9d5e3
- SHA512
  
  58e3116e5146d9d1e3e4e8ea60301583fbbba3702b82b7c5cd3d5d6cc237b7366b9f04bb5bfe8ae3bdb4076165159e798aac5e1bf9d4a02a01a2dd1aacde9dc0
- SSDEEP
  
  24576:K84qDBok47KbKxK8yVFfUTkw/YtRdVZlTCo3McvXkIyWh:K/qDBw8KxKbcIwgdVrJ/h
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/Start/StartAllBackLoaderX64.dll
- Size
  
  15KB
- MD5
  
  02745717ed9538dc59401864c21a3171
- SHA1
  
  3de54b3906038310ef82a1b2687114e0ce48b543
- SHA256
  
  927c97dc5a20bd7c72236248f21deb8513ee8a09c493e8f1a9d5374948114fda
- SHA512
  
  7dcd0af8267a29c05d8b99353058957fc67ca145691f7eb12564c757c659e8fcb94b6d000b45663546e4c7b14f1fd5775bf8f4eedcdbedd7e67226cc0e3b1a19
- SSDEEP
  
  384:d2iakmJPw+/u2WuFRHJu6vtDXGoGCJEF8ZpHYA/:si9mY2TtJuCREFiRD/
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/Start/StartAllBackX64.dll
- Size
  
  790KB
- MD5
  
  79397af4593f4b6b9cc1d6ce30a4078d
- SHA1
  
  14d531076f622ed80666b97d4ff7d731df75fb64
- SHA256
  
  7f80ecfd976a23fdfb85f9e7401ba690b3f745ea51a6383d4b1cd10815819ffc
- SHA512
  
  88c9c76f4623320ef5e44778b152038637176a2a6a7d1a9f639ded1d09dec52ce36c7a0bd09a1707a190c09dffd347505b7b46b2ab083685092a5ecc2652790e
- SSDEEP
  
  12288:gijgQfoBe0B8YVB8SxWETSqbNsH3mlnNEymoM0FHG68DUTXgJZBvE:k++eqjM6XS4+GmxWFm68DUTXa
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMP/Start/Styles/Plain8.msstyles
- Size
  
  118KB
- MD5
  
  509fd060516d1971da8d0c2173748358
- SHA1
  
  67ccd63914312b1f491467bec42232916df109c7
- SHA256
  
  43c7016d950248f52f9512c9e7393c38d61a3ba2235e5fb6deed83564d8e9442
- SHA512
  
  de3d87b7e0a518ffbb10ccd400dbf5f9596177b75dd7aa4785855d36f007ef0417b88b2eb3aa6af7e52fb3670c021f714bcf87a33551ffc4536444d5204aa7e6
- SSDEEP
  
  1536:JrsDH9XYblumhuRSPvu8QhVPCQtGwMlw:JrkH9cumhuRSXIhVPCpwMlw
Score

1^/10
behavioral23 behavioral24
- Target
  
  $TEMP/Start/Styles/Windows 7.msstyles
- Size
  
  377KB
- MD5
  
  5bcd1f14702ed1c521a13cec168770c7
- SHA1
  
  60d9b2740ae59e32cb843ae9171db90d24212884
- SHA256
  
  5d7d0f58359bc0017da66b3b893515435add2908f3c10920e0cad2febd3e0e62
- SHA512
  
  ccd3df8072768e42c607d372c35c5e484c51a3ed24545ae29cad8aab61a1cdd2e9c8c33dfed41406566b31ed775c0ffc56859f97d8dd2859f4899af1a670b752
- SSDEEP
  
  6144:YL7hUvZn7daDTzgMigyWI12lnCtROpUHQYPxt:ohOZ7Qzg/RXthz
Score

1^/10
behavioral25 behavioral26
- Target
  
  $TEMP/Start/UpdateCheck.exe
- Size
  
  24B
- MD5
  
  ef1cf6c52c07e01c09e7d2a478be8fef
- SHA1
  
  56561edafd61884f13374e06e39a8cecb9313a5e
- SHA256
  
  27eef8746ec8c90b67b59555c32c432e0d679fd8e38d9c635efdd1857d480a52
- SHA512
  
  9fb10e7e08b0ff5575e6ac8986d95c3df6c0eb0fcc2a93fb758d943de4a939999c09d5849120eeb18912c945d6c3ecef20b27fbd8a4a1f3852d385a6fbd92bc0
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies AppInit DLL entries

Modifies Installed Components in the registry

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

UPX packed file

Checks installed software on the system

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28