General
- Target: 461eb26a35e9cd3d5bc4394fd9c9eae0_NeikiAnalytics
- Size: 308KB
- Sample: 240511-2xx4eada5v
- MD5: 461eb26a35e9cd3d5bc4394fd9c9eae0
- SHA1: 72efaeaebed23f961933358dab525c638e940044
- SHA256: 6a06c6adb255f764072d8ba5b027cfe40f04dd3de4f32f98ccdee215144c8a59
- SHA512: 14f37654278e1a0b5e84dd3cd82eebcc2f09db459d8ea4c32eee2c6d2c72812db2b5100f58d0b56511b2deb5f550bea37ed104f2dcbec71558a98e9022fb58de
- SSDEEP: 3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F
Static task: static1
Behavioral task: behavioral1
Sample: 461eb26a35e9cd3d5bc4394fd9c9eae0_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 461eb26a35e9cd3d5bc4394fd9c9eae0_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: 461eb26a35e9cd3d5bc4394fd9c9eae0_NeikiAnalytics
- Size: 308KB
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext