General

  • Target

    a288e9f68234892f86cd8f1da415c8b0_NeikiAnalytics

  • Size

    905KB

  • Sample

    240511-jpf6taef2y

  • MD5

    a288e9f68234892f86cd8f1da415c8b0

  • SHA1

    da916102588b5a65fbef4539233f3183d86bc49c

  • SHA256

    aa87a3ebd114845f81eaf6fb52cac0798b4aaf9cb663cd4477719bccf2f5cb17

  • SHA512

    9efd97eac53d484d880bdc6b6535bc2330499df5b9fba2b54a4abc70a469307d67824aa5701e2263c83583072e26668d6b6a90c53f3f1ace3a08c7f25e16b293

  • SSDEEP

    12288:/n8yN0Mr8Z86aVdzIyFU40vy3W/ceKSHMsiFyY6XNt18n9szJpZjl2zrASZv4Cl:vPuZ8zhfujymk4HM5yJtz1kXxZQCl

Malware Config

Targets

    • Target

      a288e9f68234892f86cd8f1da415c8b0_NeikiAnalytics

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the sample can refuse to run in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies, session tokens and autofill entries.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
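
The signatures above are the kind of behavioural rules a sandbox derives from an API trace. The following Python is an added example written for this page, not code from the sandbox or from the sample; it runs a small rule set over a constructed, generic "<pid> <api> <argument>" trace (not output of any real tool) and reports which of the six listed behaviours are present. Registry paths for the location check (Control Panel\International), Run key and Uninstall key are real Windows locations; the browser profile directories and the trace lines are assumptions for illustration.

```python
"""Map API-trace lines to the behavioural signatures listed above."""
import re

# Constructed trace for illustration (not captured from any sandbox or sample).
# Format per line: "<pid> <api> <argument>".
SAMPLE_TRACE = """\
1234 RegOpenKeyExW HKEY_CURRENT_USER\\Control Panel\\International\\Geo
1234 RegQueryValueExW HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation
1234 NtWriteFile C:\\Users\\user\\AppData\\Local\\Temp\\svc_update.exe
1234 NtWriteFile C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
1234 CreateProcessW C:\\Users\\user\\AppData\\Local\\Temp\\svc_update.exe
5678 LoadLibraryW C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
5678 LoadLibraryW C:\\Windows\\System32\\kernel32.dll
5678 NtCreateFile C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
5678 RegSetValueExW HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
5678 RegEnumKeyExW HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
"""

# Assumed browser profile locations (Chrome, Edge, Firefox defaults).
BROWSER_PROFILE_DIRS = (
    r"\Google\Chrome\User Data",
    r"\Microsoft\Edge\User Data",
    r"\Mozilla\Firefox\Profiles",
)


def _has(needle, hay):
    """Case-insensitive substring test (registry and file paths are case-insensitive)."""
    return needle.lower() in hay.lower()


def triage(trace):
    """Return {signature_name: [evidence lines]} for the signatures found in `trace`."""
    hits = {}
    dropped = set()  # paths the sample wrote; later execution/loading of them is "dropped"

    def add(sig, line):
        hits.setdefault(sig, []).append(line)

    for raw in trace.splitlines():
        parts = raw.split(" ", 2)
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _pid, api, arg = parts
        api = re.sub(r"[AW]$", "", api)  # fold ANSI/Unicode variants: RegOpenKeyExW -> RegOpenKeyEx

        if api in ("NtWriteFile", "WriteFile"):
            dropped.add(arg.lower())
        elif api == "CreateProcess" and arg.lower() in dropped:
            add("Executes dropped EXE", raw)
        elif api == "LoadLibrary" and arg.lower() in dropped:
            add("Loads dropped DLL", raw)
        elif api in ("RegOpenKeyEx", "RegQueryValueEx") and _has(r"\Control Panel\International", arg):
            add("Checks computer location settings", raw)
        elif api == "RegSetValueEx" and re.search(r"\\CurrentVersion\\Run(Once)?\\", arg, re.I):
            add("Adds Run key to start application", raw)
        elif api in ("RegEnumKeyEx", "RegOpenKeyEx") and _has(r"\CurrentVersion\Uninstall", arg):
            add("Checks installed software on the system", raw)
        elif api in ("NtCreateFile", "CreateFile") and any(_has(d, arg) for d in BROWSER_PROFILE_DIRS):
            add("Reads user/profile data of web browsers", raw)
    return hits


if __name__ == "__main__":
    for sig, lines in triage(SAMPLE_TRACE).items():
        print(sig)
        for line in lines:
            print("    " + line)
```

The "dropped" rules are stateful on purpose: a CreateProcess or LoadLibrary call only counts if an earlier write to that exact path was seen, which is what separates loading a dropped payload from loading kernel32.dll. The location-settings rule fires on reads as well as opens, since a geofence only needs to query the value, not change it.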

MITRE ATT&CK Enterprise v15

Tasks