General
-
Target
7c8f87cd5d9c1d307d9652ea03c89c70_NeikiAnalytics
-
Size
90KB
-
Sample
240512-h5986ahf78
-
MD5
7c8f87cd5d9c1d307d9652ea03c89c70
-
SHA1
b4aabf7648ee67d2622e4e5b7e673c8d29338243
-
SHA256
c11a5edc26da6e605ef675f57ac7e71f5187f744d490a494ffe9da4c3a250f6d
-
SHA512
cce167976d8f3f1f13de6228079e7ab365bf51eceb2653c4dbc189d3a9431eb215de1ae8a52b64a367fe255e5a57a67248927880f1e1df5dc3721e608aedffcf
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral task
behavioral1
Sample
7c8f87cd5d9c1d307d9652ea03c89c70_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
7c8f87cd5d9c1d307d9652ea03c89c70_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
7c8f87cd5d9c1d307d9652ea03c89c70_NeikiAnalytics
-
Size
90KB
-
MD5
7c8f87cd5d9c1d307d9652ea03c89c70
-
SHA1
b4aabf7648ee67d2622e4e5b7e673c8d29338243
-
SHA256
c11a5edc26da6e605ef675f57ac7e71f5187f744d490a494ffe9da4c3a250f6d
-
SHA512
cce167976d8f3f1f13de6228079e7ab365bf51eceb2653c4dbc189d3a9431eb215de1ae8a52b64a367fe255e5a57a67248927880f1e1df5dc3721e608aedffcf
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-