General

  • Target

    59184b4f8ea1b26140ccf51af645a720_NeikiAnalytics

  • Size

    1.4MB

  • Sample

    240511-ctbnkaga2y

  • MD5

    59184b4f8ea1b26140ccf51af645a720

  • SHA1

    2d157cc96738f87113bc9012e2a971b82a6dfc29

  • SHA256

    286121b1f25b5be77e80c0d2d0324c67458a8cb4e52ba2d4db1efb16065c0c9e

  • SHA512

    b0edda13a03344fd437fe7d3bbeb701f48f4aaad285d0d8be272bfd30cbdc72421fbd089de5dd4b5f98eaa2e5f88168de33b0467ca62daf6d5b55ce9dc69ea61

  • SSDEEP

    24576:Vxe+nn4wA/jkn5yqlCq8AZS3xEWMRZagbrEfMU8/1kqWqVbmkruBY5vRElLYF:je+nn4wBn5hSBEWoYM9ak5lILYF

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
