e5e429693573761352e4532fd4a95ab01d83d0242fb7612623be497f88a47d84 | Triage

Sharing

General

Target

abd50c1cd984b84e7bb9171a4d668b40_NeikiAnalytics
Size

326KB
Sample

240511-l4f6gaca7s
MD5

abd50c1cd984b84e7bb9171a4d668b40
SHA1

8285299d0c83f821624a65406cf43837bb088099
SHA256

e5e429693573761352e4532fd4a95ab01d83d0242fb7612623be497f88a47d84
SHA512

d6c398941acb40317f7e2673a7e41e25f25debf26dea59869ace7aafa6b8987d8481b726caaf77db9d98890114c4becdc4f92b52958b4fbd44cb8e19d2431efc
SSDEEP

6144:Z5CKlxyOYbUUSgigL/dz69B+4w3DzCosAZgbTfipFvWTBFcoy+z:3lxypUUStgL/dKB+4wTZPObTfipNWTH7

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  abd50c1cd984b84e7bb9171a4d668b40_NeikiAnalytics
- Size
  
  326KB
- MD5
  
  abd50c1cd984b84e7bb9171a4d668b40
- SHA1
  
  8285299d0c83f821624a65406cf43837bb088099
- SHA256
  
  e5e429693573761352e4532fd4a95ab01d83d0242fb7612623be497f88a47d84
- SHA512
  
  d6c398941acb40317f7e2673a7e41e25f25debf26dea59869ace7aafa6b8987d8481b726caaf77db9d98890114c4becdc4f92b52958b4fbd44cb8e19d2431efc
- SSDEEP
  
  6144:Z5CKlxyOYbUUSgigL/dz69B+4w3DzCosAZgbTfipFvWTBFcoy+z:3lxypUUStgL/dKB+4wTZPObTfipNWTH7
Score

9^/10

persistence ransomware spyware stealer
- Renames multiple (175) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceransomwarespywarestealer

behavioral2