General

Target: b08a503b2ef84eb6a8fd48d56fadd6f0_NeikiAnalytics
Size: 308KB
Sample: 240510-k1nwgaea7v
MD5: b08a503b2ef84eb6a8fd48d56fadd6f0
SHA1: 25144a87f414ca13d30f28042328b6ee5bdc94c6
SHA256: 654f4302585126e759fd3c05944a56b69276d159f413ff2f17cec4bb2ad6ed42
SHA512: 38650f2802e44c63afea7e0e62ec435da27f267da8a60399377d3dd33930c32c883fc6eda4c7b5ac6afa222ebdd07c4f018e6831c2daf8ead34d5420d0a6e45a
SSDEEP: 3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F
Static task: static1

Behavioral task: behavioral1
Sample: b08a503b2ef84eb6a8fd48d56fadd6f0_NeikiAnalytics.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: b08a503b2ef84eb6a8fd48d56fadd6f0_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
- b08a503b2ef84eb6a8fd48d56fadd6f0_NeikiAnalytics (308KB; hashes identical to those in the General section above)
Score: 10/10

- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext