General
-
Target
443da503217dd15c4b7f58a6a05a6e90_NeikiAnalytics
-
Size
220KB
-
Sample
240512-xq4v6aee59
-
MD5
443da503217dd15c4b7f58a6a05a6e90
-
SHA1
f418f09bd6658f4d7e6bd564b1c024f5c90dfafe
-
SHA256
04bafaeff357cda9e9876cfd002959266659212dace1d546b3b7bfce1dd58c71
-
SHA512
a02ea80d8ac7f1f6be7fab0e973b21fc37f30054b782cf2df4a3d5895e93ba6da5c3f440676638b015ba15c023f067e994de691be2589202dd6ab256ea4f87ae
-
SSDEEP
3072:YsXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRm8:ZR5IuMQoseGk7RZBGxAycKpSPX2T
Malware Config
Targets
-
-
Target
443da503217dd15c4b7f58a6a05a6e90_NeikiAnalytics
-
Size
220KB
-
MD5
443da503217dd15c4b7f58a6a05a6e90
-
SHA1
f418f09bd6658f4d7e6bd564b1c024f5c90dfafe
-
SHA256
04bafaeff357cda9e9876cfd002959266659212dace1d546b3b7bfce1dd58c71
-
SHA512
a02ea80d8ac7f1f6be7fab0e973b21fc37f30054b782cf2df4a3d5895e93ba6da5c3f440676638b015ba15c023f067e994de691be2589202dd6ab256ea4f87ae
-
SSDEEP
3072:YsXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRm8:ZR5IuMQoseGk7RZBGxAycKpSPX2T
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1