General
-
Target
310340b428920e3e69f14d2aa6124770_NeikiAnalytics
-
Size
3.2MB
-
Sample
240510-3tadlsbf36
-
MD5
310340b428920e3e69f14d2aa6124770
-
SHA1
4a952f16e5d657490cddd283912fb61498ce5db2
-
SHA256
0809998772b4599b9dc190b7a69d282c8c938992f12ddc6d25a3c04559872580
-
SHA512
28fd42a021577922e6b0043f29e8f83b19cd384488656b0a15cf69545dd7dd68e70aca3e96307d9c27d40d436b36880cfc7bca5b1eccc9af83469a13a89c057f
-
SSDEEP
49152:OIxI3RRv8rb/T0vO90dL3BmAFd4A64nsfJ/1jrVawigvQwzq8lcMD19d41wifjdD:U36jrkw2Id0FM2Pcdi
Static task
static1
Behavioral task
behavioral1
Sample
310340b428920e3e69f14d2aa6124770_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
310340b428920e3e69f14d2aa6124770_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
http://84.247.155.115:80/bU2t
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)
Extracted
cobaltstrike
100000
http://84.247.155.115:80/cm
-
access_type
512
-
host
84.247.155.115,/cm
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBZ+Jo/PHlvV+rZVp6QclrmZfPhER1QvmAsE8pTD/ql7nd5F+pPlWHL7TVOw3WpB+D+69ZcNxtRzNGtaO51LRrGqlBsjGXU8Sv4yClJYDfsLQQwg/MQywNA8KO5CHxLGHsV1A9JVVO1clfY6itRZO6vD5ccvPWpBHFWDzD6cQ6XQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP08; MAAU; NP08)
-
watermark
100000
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
310340b428920e3e69f14d2aa6124770_NeikiAnalytics
-
Size
3.2MB
-
MD5
310340b428920e3e69f14d2aa6124770
-
SHA1
4a952f16e5d657490cddd283912fb61498ce5db2
-
SHA256
0809998772b4599b9dc190b7a69d282c8c938992f12ddc6d25a3c04559872580
-
SHA512
28fd42a021577922e6b0043f29e8f83b19cd384488656b0a15cf69545dd7dd68e70aca3e96307d9c27d40d436b36880cfc7bca5b1eccc9af83469a13a89c057f
-
SSDEEP
49152:OIxI3RRv8rb/T0vO90dL3BmAFd4A64nsfJ/1jrVawigvQwzq8lcMD19d41wifjdD:U36jrkw2Id0FM2Pcdi
Score 10/10 -