General

  • Target: c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics
  • Size: 1.5MB
  • Sample: 240510-mczn6scd32
  • MD5: c1db1d9ba329625cbe7e93ac2c65ed70
  • SHA1: f4bf560426d70393dadb4ccf65cfe0d8f442d89a
  • SHA256: e32bc8d5b705d626a9468ba1d6d11d5ca4faa1c5e729fcb5411b1e060380899e
  • SHA512: fd56900ff0c3d91fffcbdfca95a35351df5988fbe660e41a22fbaa80b9df52976db9b00ba2f19e68c1a86fbbb45e8598d8fd4e96e8dabf3b9ff9c70ffa2c42c5
  • SSDEEP: 24576:oW1M6mYiV+S4sWHh+mL7tTIoCctroLE8nTiEMr6ymMWQUdK3VI19Ff5uYmWhQyc0:VGN4DR7tTnCwc0TBWxdKFI19iYm0VymN

Targets

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • Adds Run key to start application
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15