7bf41c1e332c638ba74b48ba1d761b326e32f3bd2d2d9f7d085c3f0847b70571 | Triage

Sharing

General

Target

52e5dd8e2809e9e500885622615d8310_NeikiAnalytics
Size

184KB
Sample

240510-dbgmjahh72
MD5

52e5dd8e2809e9e500885622615d8310
SHA1

de218c90cb123c076abe369f76b9e48f31097b02
SHA256

7bf41c1e332c638ba74b48ba1d761b326e32f3bd2d2d9f7d085c3f0847b70571
SHA512

42ba4fc044f620b190402c0664fb9a18d32b01d2bd301d88efe597fbacdc048f29acaffd871d081dab709643be0173e5ba13b4cfa13e174fcbe40293a8f1a815
SSDEEP

3072:kjr87SHQ6LtbuO5Y9cPklctqCvDPSn/pYVXje19S:5v6Ltbu3cPkkqCvDooXKjS

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  52e5dd8e2809e9e500885622615d8310_NeikiAnalytics
- Size
  
  184KB
- MD5
  
  52e5dd8e2809e9e500885622615d8310
- SHA1
  
  de218c90cb123c076abe369f76b9e48f31097b02
- SHA256
  
  7bf41c1e332c638ba74b48ba1d761b326e32f3bd2d2d9f7d085c3f0847b70571
- SHA512
  
  42ba4fc044f620b190402c0664fb9a18d32b01d2bd301d88efe597fbacdc048f29acaffd871d081dab709643be0173e5ba13b4cfa13e174fcbe40293a8f1a815
- SSDEEP
  
  3072:kjr87SHQ6LtbuO5Y9cPklctqCvDPSn/pYVXje19S:5v6Ltbu3cPkkqCvDooXKjS
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer