c9d8eaf1ea9126d1cc3ca640b08d314b1778e2236319d0ee6035d48d9e020a4e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c5b812b2870969c705552393a2447a40_NeikiAnalytics
Size

695KB
Sample

240514-n9sgsseh98
MD5

c5b812b2870969c705552393a2447a40
SHA1

f128cde415c5b489dc468fad71ccfd9d0b689839
SHA256

c9d8eaf1ea9126d1cc3ca640b08d314b1778e2236319d0ee6035d48d9e020a4e
SHA512

848d5e62e72202b025900914a1003e65c8a741fe4a48365041c20e0b5e2672e54c4e8828e32ece5b1e8970218a2698afc164a8b7c49dcb6527dceac7c2a940b7
SSDEEP

12288:4fOfuCG3hKZipyufZ3x4hglkIFwC5TEbQBfNXIWpG9PFzy19PTdD:4fOUnyGZ3x5k2ToyNX/WgrBD

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c5b812b2870969c705552393a2447a40_NeikiAnalytics
- Size
  
  695KB
- MD5
  
  c5b812b2870969c705552393a2447a40
- SHA1
  
  f128cde415c5b489dc468fad71ccfd9d0b689839
- SHA256
  
  c9d8eaf1ea9126d1cc3ca640b08d314b1778e2236319d0ee6035d48d9e020a4e
- SHA512
  
  848d5e62e72202b025900914a1003e65c8a741fe4a48365041c20e0b5e2672e54c4e8828e32ece5b1e8970218a2698afc164a8b7c49dcb6527dceac7c2a940b7
- SSDEEP
  
  12288:4fOfuCG3hKZipyufZ3x4hglkIFwC5TEbQBfNXIWpG9PFzy19PTdD:4fOUnyGZ3x5k2ToyNX/WgrBD
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer