ed0ec335128934b87d78da1d86e2a66d2abf66a58d3009759a9eb12d3dcbab7a | Triage

Sharing

General

Target

591b90fd1388ffe7883b3f085d88adf0_NeikiAnalytics
Size

144KB
Sample

240514-cxxefaga27
MD5

591b90fd1388ffe7883b3f085d88adf0
SHA1

58dc17b959a55fabcedda550ee9c7005c67d16d0
SHA256

ed0ec335128934b87d78da1d86e2a66d2abf66a58d3009759a9eb12d3dcbab7a
SHA512

10b1769fd143d1f186e1277bc7e986c93450e4a9ee53be899aedc5708419401ab56dab244773e55551e3905f3cbef00a030ef86cc60a1a395927d072d6da1c08
SSDEEP

3072:/27TcKbnTvCIDw0x+G3dF/Ytq7xIpNelJZyi4x6:oc+2mrL/v7xIpNiJHP

Score

7^/10

persistence upx

Malware Config

Targets

- Target
  
  591b90fd1388ffe7883b3f085d88adf0_NeikiAnalytics
- Size
  
  144KB
- MD5
  
  591b90fd1388ffe7883b3f085d88adf0
- SHA1
  
  58dc17b959a55fabcedda550ee9c7005c67d16d0
- SHA256
  
  ed0ec335128934b87d78da1d86e2a66d2abf66a58d3009759a9eb12d3dcbab7a
- SHA512
  
  10b1769fd143d1f186e1277bc7e986c93450e4a9ee53be899aedc5708419401ab56dab244773e55551e3905f3cbef00a030ef86cc60a1a395927d072d6da1c08
- SSDEEP
  
  3072:/27TcKbnTvCIDw0x+G3dF/Ytq7xIpNelJZyi4x6:oc+2mrL/v7xIpNiJHP
Score

7^/10

persistence upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2