General

  • Target

    e81a2def5cab4fcba77edc97d88fbd40_NeikiAnalytics

  • Size

    502KB

  • Sample

    240510-p8qggsbb39

  • MD5

    e81a2def5cab4fcba77edc97d88fbd40

  • SHA1

    d0824cb0f61532a8f44a7373d9c7d8ed556e7533

  • SHA256

    cc2cf24591d6595aa4b3d05a14ca4133a37dbe6dbd3e64ba36b11c3cbb2ae979

  • SHA512

    8c30c8ba57ecde10786bcbe7c27459d56ffc17bb2536e1f415737d2d13a7ac287b9e9f26e497b8dad12f0c010ff8127bcbb4ce27c538516a632516b41f23f107

  • SSDEEP

    12288:6vnJeZtAi+4jg0pssGz/SAUaZE18fyMjIVyIrtBADJ9:WJitFy0a4GE64yxX

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks