General
-
Target
6e835c722329b477efea301ed8271ad0_NeikiAnalytics
-
Size
130KB
-
Sample
240510-y9vbhabc34
-
MD5
6e835c722329b477efea301ed8271ad0
-
SHA1
8a2d1bee24b8f2050e680708ab3ce5742f651b1f
-
SHA256
92bd02f2ffb4a3bcb0bed6f7fc33587191b693e47a125f3cd50868ab1158a0dc
-
SHA512
f88232f0b17c617a2f928c581b33eca8fbd1191d91415c70df9265b9c7498d2761f3d8ed48bfcc2d9231d6a72d3e823625fab9ad4cb88b4f257b6ae65083d10c
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZO:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKc
Behavioral task
behavioral1
Sample
6e835c722329b477efea301ed8271ad0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6e835c722329b477efea301ed8271ad0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
6e835c722329b477efea301ed8271ad0_NeikiAnalytics
-
Size
130KB
-
MD5
6e835c722329b477efea301ed8271ad0
-
SHA1
8a2d1bee24b8f2050e680708ab3ce5742f651b1f
-
SHA256
92bd02f2ffb4a3bcb0bed6f7fc33587191b693e47a125f3cd50868ab1158a0dc
-
SHA512
f88232f0b17c617a2f928c581b33eca8fbd1191d91415c70df9265b9c7498d2761f3d8ed48bfcc2d9231d6a72d3e823625fab9ad4cb88b4f257b6ae65083d10c
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZO:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKc
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-