c7306bf6249db3e31961a3f4cd42f12e083efe8b68835d1da566d8376b950716 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6d5e2d827c7c3ff8a7e2e77b0c00a1f0_NeikiAnalytics
Size

78KB
Sample

240515-drdktaeg94
MD5

6d5e2d827c7c3ff8a7e2e77b0c00a1f0
SHA1

4e675705797c317cc9f3f78fd9a69854567fd7ea
SHA256

c7306bf6249db3e31961a3f4cd42f12e083efe8b68835d1da566d8376b950716
SHA512

0a53665ed7f3d618c871101e56330ccd53cccf7028df8e46e97d7b080a15550167ba653918d82226dc1d9a87bc2ea217ee018a32c7b1d5ad26824dcd0dfefc2e
SSDEEP

1536:sPWV5jMdy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtC6K9/Y01ic:sPWV5j7n7N041QqhgS9//

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  6d5e2d827c7c3ff8a7e2e77b0c00a1f0_NeikiAnalytics
- Size
  
  78KB
- MD5
  
  6d5e2d827c7c3ff8a7e2e77b0c00a1f0
- SHA1
  
  4e675705797c317cc9f3f78fd9a69854567fd7ea
- SHA256
  
  c7306bf6249db3e31961a3f4cd42f12e083efe8b68835d1da566d8376b950716
- SHA512
  
  0a53665ed7f3d618c871101e56330ccd53cccf7028df8e46e97d7b080a15550167ba653918d82226dc1d9a87bc2ea217ee018a32c7b1d5ad26824dcd0dfefc2e
- SSDEEP
  
  1536:sPWV5jMdy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtC6K9/Y01ic:sPWV5j7n7N041QqhgS9//
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2