General

  • Target

    3e3c61b69fd3d24dfeb64d0208a569c0_NeikiAnalytics

  • Size

    476KB

  • Sample

    240515-1n65aaea55

  • MD5

    3e3c61b69fd3d24dfeb64d0208a569c0

  • SHA1

    e06890b91682d76d9e148751c709ac35de5983c3

  • SHA256

    b49b8635e2274afb1fe05e94353fdcf4a166e1e8c4ebe631e3407bc6da216611

  • SHA512

    d713be76d98e5e5dccad489b653a1d1e1b6f9d3a25107488ea1af6dda7da88942a162c4b9397dd90d84d11b26038a79380b89ee29c20206956eef1357d75a8e8

  • SSDEEP

    12288:xEQoS+qhU9GjTTZDmpotwbV8HZk6cdHc216Urd4y:xnWmTZ9taek6D216Y1

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15