General

  • Target

    cf86f61a5318ddca45fac8afffcf9430_NeikiAnalytics

  • Size

    713KB

  • Sample

    240515-netflsfa42

  • MD5

    cf86f61a5318ddca45fac8afffcf9430

  • SHA1

    5961a471097b1af34d2ef1fa7c15210ea9382633

  • SHA256

    6cccf5a95ebd93f84125b6506081717f4094e0a5ece7927a5d10aff81739221a

  • SHA512

    efb3288093b57e9a7f42d6e058d7a6b3a0d724889652ad7976f095eb5c2d1fc5be13babfea8f166fb78c08fe3169451772cb0f4436101077f6f5e21768522904

  • SSDEEP

    12288:ZEQoS5WoDZkp7AZzynEXXzA58WbBPiNtRMoLkuIzmwFbYKqcsEBU5z4DlH/E7xyO:ZaEkp7Oza58kB+DqcKqc75HsyO

Targets

  • Checks computer location settings

    Looks up the country code configured in the registry, likely as a geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials among other things.

  • UPX packed file

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Adds Run key to start application

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory
