General

  • Target

    673460cb019bf118be3aa48638bc9e80_NeikiAnalytics

  • Size

    84KB

  • Sample

    240512-ekq31aaf82

  • MD5

    673460cb019bf118be3aa48638bc9e80

  • SHA1

    0fa38e4d9161d3bc7515c95ad36bb341b4b4008c

  • SHA256

    43d44636eb3b4b9d6e6f5869c9fe95f427448200a7d491307618339ad9948711

  • SHA512

    2c8d7837255e9d97a7e4ce26da73e96599da9f2e3f851aa99b7d01019ac3b8323c6c0a4236307e036a59101fd9bc1280e316032f4c1dac3e835b6b85005baca6

  • SSDEEP

    1536:1clIGFNMi+hJUneHoGTvvv4V9hqdhbtgS:+RMi+fUnCTvvv4V9hEhbCS

Score
7/10

Targets

    • Target

      673460cb019bf118be3aa48638bc9e80_NeikiAnalytics

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
