General

  • Target

    c19fec8a85ebd8bb5eeb1efd1c6d2980_NeikiAnalytics

  • Size

    255KB

  • Sample

    240515-l2766scd77

  • MD5

    c19fec8a85ebd8bb5eeb1efd1c6d2980

  • SHA1

    41722646e17a42a2b0f4d3a74931ba2a219e2dd3

  • SHA256

    7ca3dcf3986c089cb35140f5e477ebdf27d72e00cc48c426b9dc33da027ac950

  • SHA512

    5d8e7d0d9e198b7758c5e7aa4b39fefbc546dae951291470ea2c559dfa70b8e3e9e5b794a35eb2163450e016ffc6f7e55fc1cc7c47364bd697a6b53d7de440c2

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJf:1xlZam+akqx6YQJXcNlEHUIQeE3mmBI0

Malware Config

Targets

    • Target

      c19fec8a85ebd8bb5eeb1efd1c6d2980_NeikiAnalytics

    • Size

      255KB

    • MD5

      c19fec8a85ebd8bb5eeb1efd1c6d2980

    • SHA1

      41722646e17a42a2b0f4d3a74931ba2a219e2dd3

    • SHA256

      7ca3dcf3986c089cb35140f5e477ebdf27d72e00cc48c426b9dc33da027ac950

    • SHA512

      5d8e7d0d9e198b7758c5e7aa4b39fefbc546dae951291470ea2c559dfa70b8e3e9e5b794a35eb2163450e016ffc6f7e55fc1cc7c47364bd697a6b53d7de440c2

    • SSDEEP

      3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJf:1xlZam+akqx6YQJXcNlEHUIQeE3mmBI0

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks