General
Target: 5f9067b15272efe16e3d65470ba47980_NeikiAnalytics
Size: 72KB
Sample: 240511-c8swdsbf46
MD5: 5f9067b15272efe16e3d65470ba47980
SHA1: bec04efe075fd29bcdba9ceefc55e18466555fae
SHA256: 080cea8881adc3df47de80107238a1d4aed2c1d57307c93a71636e5be4e4fae6
SHA512: 391b37701b00f17598513985f57bf8c9f6666674bb2a5beabbc5f41d9f0eab7fe9a34d0a3d6106e5e9bd1c428d2125cc435d762c6e23d9cc7f385366ba36d04c
SSDEEP: 1536:DOa2kZ+qcAGVRIcUjmTeyovQe1RLP0sLJtoz9ZDu7GOXTm:DOYZTBORVUjtvR1L96BSXK
Behavioral task: behavioral1
Sample: 5f9067b15272efe16e3d65470ba47980_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 5f9067b15272efe16e3d65470ba47980_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 5f9067b15272efe16e3d65470ba47980_NeikiAnalytics (same sample as under General above; size and MD5/SHA1/SHA256/SHA512/SSDEEP hashes are identical to those listed there)
Score: 10/10
ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext