General

  • Target

    3dd828e13ed722d42d7cf3c9ceb70f80_NeikiAnalytics

  • Size

    564KB

  • Sample

    240515-1mlrysdh64

  • MD5

    3dd828e13ed722d42d7cf3c9ceb70f80

  • SHA1

    6fcf07099f334997e26960c567574a8ad4fd4a6f

  • SHA256

    1203a2d40de03cd90f4c213784840c9ee6aec45cb6e3051bfda20eab38b3726f

  • SHA512

    0bddbc86eb5889c6acfc77e24f24342b713588c8b3e960b03502fa158c59e7cc9f88186110216b77ea76527ca6a98e574d1230bec54d996f42e10ad1529808b7

  • SSDEEP

    12288:2t0ll2I37cBzoxZzVQ0DRlCsQfSmXuTEWbBBAsRdQBuA/:2eLcBmqfpX4EoPVRU/

Malware Config

Targets

    • Target

      3dd828e13ed722d42d7cf3c9ceb70f80_NeikiAnalytics

    • Size

      564KB

    • MD5

      3dd828e13ed722d42d7cf3c9ceb70f80

    • SHA1

      6fcf07099f334997e26960c567574a8ad4fd4a6f

    • SHA256

      1203a2d40de03cd90f4c213784840c9ee6aec45cb6e3051bfda20eab38b3726f

    • SHA512

      0bddbc86eb5889c6acfc77e24f24342b713588c8b3e960b03502fa158c59e7cc9f88186110216b77ea76527ca6a98e574d1230bec54d996f42e10ad1529808b7

    • SSDEEP

      12288:2t0ll2I37cBzoxZzVQ0DRlCsQfSmXuTEWbBBAsRdQBuA/:2eLcBmqfpX4EoPVRU/

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (84) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks