9f09c197862ab6990f67d59109a99e63378a8db5cc88f412d3bb134943ea68e4 | Triage

Sharing

General

Target

b42821e4950f67b35ac01cd50a2f9390_NeikiAnalytics
Size

93KB
Sample

240513-m6rwesbe6s
MD5

b42821e4950f67b35ac01cd50a2f9390
SHA1

10ec67c2c0acf952c15083e4936990f52778dbf2
SHA256

9f09c197862ab6990f67d59109a99e63378a8db5cc88f412d3bb134943ea68e4
SHA512

816ab04595a1ae13e03b53a6cf2a357044e37aeb19c11c682900c68ac12b64aa559faad19acc031273fd1371ee552e63973c4ff838259f9220f453cb660ac788
SSDEEP

1536:s7qnkAQtSaoGo5n4iLG0/WM6TuHSaYqe7wXxAyNHA4U+g3vb93N:lCSjGoLpWM6YswXxAydtUxfZ

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  b42821e4950f67b35ac01cd50a2f9390_NeikiAnalytics
- Size
  
  93KB
- MD5
  
  b42821e4950f67b35ac01cd50a2f9390
- SHA1
  
  10ec67c2c0acf952c15083e4936990f52778dbf2
- SHA256
  
  9f09c197862ab6990f67d59109a99e63378a8db5cc88f412d3bb134943ea68e4
- SHA512
  
  816ab04595a1ae13e03b53a6cf2a357044e37aeb19c11c682900c68ac12b64aa559faad19acc031273fd1371ee552e63973c4ff838259f9220f453cb660ac788
- SSDEEP
  
  1536:s7qnkAQtSaoGo5n4iLG0/WM6TuHSaYqe7wXxAyNHA4U+g3vb93N:lCSjGoLpWM6YswXxAydtUxfZ
Score

9^/10

persistence ransomware spyware stealer
- Renames multiple (175) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceransomwarespywarestealer

behavioral2

persistenceransomwarespywarestealer