General
-
Target
515b39d286843e9f178a43a1477d7f40_NeikiAnalytics
-
Size
326KB
-
Sample
240511-b89ngaef4s
-
MD5
515b39d286843e9f178a43a1477d7f40
-
SHA1
1fb5dd8c248ab413f22127a9de7ea9c7ee0d6dbc
-
SHA256
06f0433ac392f31b1f6c763e532a332c21b48bcb3ae107345afe14f0b2b9d980
-
SHA512
edc6f954d93d0256d0cbdb3ced58f106183e4a3580c2bdb8ebcdef14ed657df4bf262b0824f4d3551f9c7c11551ee9dbb1c09d7e88d9a9b84753f551cf03eaf6
-
SSDEEP
3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Behavioral task
behavioral1
Sample
515b39d286843e9f178a43a1477d7f40_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
515b39d286843e9f178a43a1477d7f40_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
515b39d286843e9f178a43a1477d7f40_NeikiAnalytics
-
Size
326KB
-
MD5
515b39d286843e9f178a43a1477d7f40
-
SHA1
1fb5dd8c248ab413f22127a9de7ea9c7ee0d6dbc
-
SHA256
06f0433ac392f31b1f6c763e532a332c21b48bcb3ae107345afe14f0b2b9d980
-
SHA512
edc6f954d93d0256d0cbdb3ced58f106183e4a3580c2bdb8ebcdef14ed657df4bf262b0824f4d3551f9c7c11551ee9dbb1c09d7e88d9a9b84753f551cf03eaf6
-
SSDEEP
3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-