b1a945d5dbef36d941a18c84d69a915652a581aaf7b8d151819e79c1b712d7ad | Triage

Sharing

General

Target

b7af458edc73df5f6715976da0054e70_NeikiAnalytics
Size

112KB
Sample

240513-pphyased6z
MD5

b7af458edc73df5f6715976da0054e70
SHA1

0ec3d852162ede0e2592c6f8e7d5d84805cae7a9
SHA256

b1a945d5dbef36d941a18c84d69a915652a581aaf7b8d151819e79c1b712d7ad
SHA512

60738377baf3711ae1c4462fbf1f19c12729a99930706584393af5a3e982f9b8c30476d8876aef8594d9aeba2174c82e692b105eacbf9f80770649dd86c7ca9a
SSDEEP

3072:REL6jtIF+X4g+RXujvcKPUJlZnPo1IpME831bIkI8SZIP90DU6MwsEyPgEwqgvvy:tBu6EtlNV

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b7af458edc73df5f6715976da0054e70_NeikiAnalytics
- Size
  
  112KB
- MD5
  
  b7af458edc73df5f6715976da0054e70
- SHA1
  
  0ec3d852162ede0e2592c6f8e7d5d84805cae7a9
- SHA256
  
  b1a945d5dbef36d941a18c84d69a915652a581aaf7b8d151819e79c1b712d7ad
- SHA512
  
  60738377baf3711ae1c4462fbf1f19c12729a99930706584393af5a3e982f9b8c30476d8876aef8594d9aeba2174c82e692b105eacbf9f80770649dd86c7ca9a
- SSDEEP
  
  3072:REL6jtIF+X4g+RXujvcKPUJlZnPo1IpME831bIkI8SZIP90DU6MwsEyPgEwqgvvy:tBu6EtlNV
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence