General
Target: 71b3bf62e56f6f0dea60c36192ef88e0_NeikiAnalytics
Size: 383KB
Sample: 240511-d9xreabd9w
MD5: 71b3bf62e56f6f0dea60c36192ef88e0
SHA1: ff108fc1cce699b7702a88e73c128873dc15ce4c
SHA256: b466638aefdb02d527d4f93be21b221d6bdcb8431257bcc2a2c74cabda291e72
SHA512: 1a4a7f15ec3cb9fe1303961f55f41bae9a564d2f642f5efd32b02e10f05103f7e6fe998077e4a0d885beebd2a2cb1d25b2ca0713862956a67bc87eada16429ee
SSDEEP: 6144:l29q46VSndj30BwwBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7Q:d46QnRw8EYiBlMQ
Behavioral task: behavioral1
Sample: 71b3bf62e56f6f0dea60c36192ef88e0_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 71b3bf62e56f6f0dea60c36192ef88e0_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
Score: 10/10
Sakula payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application