General
-
Target
7519ba32f9d741540dec9417bd468aa0_NeikiAnalytics
-
Size
308KB
-
Sample
240510-zh473agg2s
-
MD5
7519ba32f9d741540dec9417bd468aa0
-
SHA1
61aa2c51702614891caf2faf3f466799ecc1ef10
-
SHA256
7b11d3ae29ab8459a37475d730800f0a8c5f7b871aea49f7da557322744d0d7a
-
SHA512
1d8966af93b9f6cbbb7b21a6878787b5c7ee134b8c03fdfc7adaf7ee24c7ebadfda1cae20c95807274c04fbce3616ee01b2d8a91b2874247c9f5e4d7d5532d49
-
SSDEEP
3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F
Static task
static1
Behavioral task
behavioral1
Sample
7519ba32f9d741540dec9417bd468aa0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7519ba32f9d741540dec9417bd468aa0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
7519ba32f9d741540dec9417bd468aa0_NeikiAnalytics
-
Size
308KB
-
MD5
7519ba32f9d741540dec9417bd468aa0
-
SHA1
61aa2c51702614891caf2faf3f466799ecc1ef10
-
SHA256
7b11d3ae29ab8459a37475d730800f0a8c5f7b871aea49f7da557322744d0d7a
-
SHA512
1d8966af93b9f6cbbb7b21a6878787b5c7ee134b8c03fdfc7adaf7ee24c7ebadfda1cae20c95807274c04fbce3616ee01b2d8a91b2874247c9f5e4d7d5532d49
-
SSDEEP
3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F
Score
10/10
-
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud services to download and stage other malware families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
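The behavioural signatures above are what the sandbox reports after the fact. The added example below is not part of the report and is not Triage's own rule logic; it replays a constructed sequence of API events through one rule per signature: a read of the registry value Windows uses for the configured country (`HKCU\Control Panel\International\Geo\Nation`, assumed here to be what the location-settings signature keys on), a write under the `Run` key, a process started from or a DLL loaded from a file the sample itself wrote, and `SetThreadContext` on a child created with `CREATE_SUSPENDED` after `WriteProcessMemory`, the classic process-hollowing sequence. The event tuple format and every path and PID are constructed for the example; the page does not show the sample's actual traces.

```python
"""Replay constructed sandbox-style API events against rules for the
behavioural signatures in the report.  Added example: the event format
is an assumption, not Triage's export format, and the events are made up."""
import re

# Constructed events: (pid, api, args).  Not captured from the real sample.
EVENTS = [
    (1000, "NtCreateFile",       {"path": r"C:\Users\u\AppData\Roaming\svc.exe", "access": "write"}),
    (1000, "NtCreateFile",       {"path": r"C:\Users\u\AppData\Roaming\helper.dll", "access": "write"}),
    (1000, "RegQueryValueExW",   {"key": r"HKCU\Control Panel\International\Geo\Nation"}),
    (1000, "RegSetValueExW",     {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                                  "value": "svc", "data": r"C:\Users\u\AppData\Roaming\svc.exe"}),
    (1000, "LoadLibraryW",       {"path": r"C:\Users\u\AppData\Roaming\helper.dll"}),
    (1000, "CreateProcessW",     {"image": r"C:\Users\u\AppData\Roaming\svc.exe",
                                  "flags": 0x4, "child_pid": 2000}),
    (1000, "WriteProcessMemory", {"target_pid": 2000}),
    (1000, "SetThreadContext",   {"target_pid": 2000}),
    (1000, "ResumeThread",       {"target_pid": 2000}),
]

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess
# Where Windows stores the user's GeoID; assumed to be what the
# "Checks computer location settings" signature matches on.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)


def match_signatures(events):
    """Return [(signature name, detail)] in the order the events trigger them."""
    hits = []
    dropped = set()    # files the sample wrote itself (lower-cased paths)
    suspended = {}     # child pid -> image, for children created CREATE_SUSPENDED
    injected = set()   # suspended children that received WriteProcessMemory
    for _pid, api, a in events:
        if api == "NtCreateFile" and a.get("access") == "write":
            dropped.add(a["path"].lower())
        elif api.startswith("RegQueryValueEx") and GEO_KEY.search(a["key"]):
            hits.append(("Checks computer location settings", a["key"]))
        elif api.startswith("RegSetValueEx") and RUN_KEY.search(a["key"]):
            hits.append(("Adds Run key to start application", f'{a["value"]}={a["data"]}'))
        elif api.startswith("LoadLibrary") and a["path"].lower() in dropped:
            hits.append(("Loads dropped DLL", a["path"]))
        elif api.startswith("CreateProcess"):
            if a["image"].lower() in dropped:
                hits.append(("Executes dropped EXE", a["image"]))
            if a["flags"] & CREATE_SUSPENDED:
                suspended[a["child_pid"]] = a["image"]
        elif api == "WriteProcessMemory" and a["target_pid"] in suspended:
            injected.add(a["target_pid"])
        elif api == "SetThreadContext" and a["target_pid"] in suspended:
            detail = suspended[a["target_pid"]]
            if a["target_pid"] in injected:
                # suspended create -> write into child -> SetThreadContext
                # is the process-hollowing sequence, so say so explicitly
                detail += " (after WriteProcessMemory: process hollowing pattern)"
            hits.append(("Suspicious use of SetThreadContext", detail))
    return hits


if __name__ == "__main__":
    for name, detail in match_signatures(EVENTS):
        print(f"{name}: {detail}")
```

The rules keep per-run state on purpose: "dropped" and "suspended" are only meaningful relative to what the same sample did earlier in the trace, which is why a single-event match on `SetThreadContext` alone would be far noisier than this correlated form.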