356a796a4fa134b84d6e34ac64474fc623f00a3489c683c519bdf22cfe3375c0 | Triage

Sharing

General

Target

b03fb86b83a5c830dbae0ca568256b50_NeikiAnalytics
Size

148KB
Sample

240510-kzqnnshc39
MD5

b03fb86b83a5c830dbae0ca568256b50
SHA1

ed98474b2b03b8b31d15eb2a42f10c968d27cc6b
SHA256

356a796a4fa134b84d6e34ac64474fc623f00a3489c683c519bdf22cfe3375c0
SHA512

7e68c518961a60f62c1746cc7722b4ca84e4c4c63cb75e19e51449afa0f3ef3066f9aa327152baa6efe8a8b29c26eec1e03b2293f16b1f97b53df1e10918055b
SSDEEP

3072:DTBECaTEr+6dTkon7E1v26H53sW7Jq28f3/d:D4AaQn7o2AB7E3/

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b03fb86b83a5c830dbae0ca568256b50_NeikiAnalytics
- Size
  
  148KB
- MD5
  
  b03fb86b83a5c830dbae0ca568256b50
- SHA1
  
  ed98474b2b03b8b31d15eb2a42f10c968d27cc6b
- SHA256
  
  356a796a4fa134b84d6e34ac64474fc623f00a3489c683c519bdf22cfe3375c0
- SHA512
  
  7e68c518961a60f62c1746cc7722b4ca84e4c4c63cb75e19e51449afa0f3ef3066f9aa327152baa6efe8a8b29c26eec1e03b2293f16b1f97b53df1e10918055b
- SSDEEP
  
  3072:DTBECaTEr+6dTkon7E1v26H53sW7Jq28f3/d:D4AaQn7o2AB7E3/
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence