a03902c4121fd89d3671b9469fffd1c2a189f5cb9ff5e5215b6b4db0e2f7a0db | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9635a2078bfb8c6f1a5786006f3ecfe0_NeikiAnalytics
Size

53KB
Sample

240511-hjsf8aeb45
MD5

9635a2078bfb8c6f1a5786006f3ecfe0
SHA1

79aa1d83a119575d11e9c5c190cecf1969630f7a
SHA256

a03902c4121fd89d3671b9469fffd1c2a189f5cb9ff5e5215b6b4db0e2f7a0db
SHA512

dd7f72c68dc70f57a236a5d0c63679738b4e476ce083372cb40897717f2326dade331a7016c03e73cd92212f1ad60de15bed212d102214ffa56b9c7951cc35ad
SSDEEP

1536:vNSg8r8QIB6Hv7Kp3StjEMjmLM3ztDJWZsXy4JzxPME:9B6PJJjmLM3zRJWZsXy4Jt

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9635a2078bfb8c6f1a5786006f3ecfe0_NeikiAnalytics
- Size
  
  53KB
- MD5
  
  9635a2078bfb8c6f1a5786006f3ecfe0
- SHA1
  
  79aa1d83a119575d11e9c5c190cecf1969630f7a
- SHA256
  
  a03902c4121fd89d3671b9469fffd1c2a189f5cb9ff5e5215b6b4db0e2f7a0db
- SHA512
  
  dd7f72c68dc70f57a236a5d0c63679738b4e476ce083372cb40897717f2326dade331a7016c03e73cd92212f1ad60de15bed212d102214ffa56b9c7951cc35ad
- SSDEEP
  
  1536:vNSg8r8QIB6Hv7Kp3StjEMjmLM3ztDJWZsXy4JzxPME:9B6PJJjmLM3zRJWZsXy4Jt
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence