General

  • Target

    c2405bc92602f6ecce81fe92dea60f90_NeikiAnalytics

  • Size

    136KB

  • Sample

    240515-l5skwscd4v

  • MD5

    c2405bc92602f6ecce81fe92dea60f90

  • SHA1

    becc57ff9272e66973f1f977fb687cca8a0b4181

  • SHA256

    3abb548b80239e11ae2db158b58aff7eb3a4f4de30afcf17781b6bb17f75815c

  • SHA512

    3f8f67c399c231c78b4da81a1a286f0925e3bae2daca6ab18b1f25b9569fd78bda27c4e2c2fbf5aff5f47af4853b11f9301a26006c896bdc369f0affa5af439f

  • SSDEEP

    3072:dvs4dDXEGCLElJ1Tj4mYWR/R4nkPR/1aVPK9Eg32CguvV3QcMwqHGX:NPDLCLqIo5R4nM/4NKV2CtV3Q0qH6

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other things.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks