General

  • Target

    cfadd252b7326a3b046bebc7c51f3d00_NeikiAnalytics

  • Size

    1.8MB

  • Sample

    240515-nhv4lsfb96

  • MD5

    cfadd252b7326a3b046bebc7c51f3d00

  • SHA1

    c4268edbc948e2910092c6486826121115914ea4

  • SHA256

    1328845325e02b39f46ad27eaf341d1c3d92b3c5dce6755e7a4a069dc6eae266

  • SHA512

    5910a0b54aaaf25c459f983f69bed3249b7ae2ca0d6d04880de4bf5c8eff4a5795ba9f5d8b1683e17df777835c9d143a83b465d5b4d476e041a0c8cdbfcf002d

  • SSDEEP

    49152:gBM8aenRnyxKd7tzTzxgSJ4voqvIqi2VGCV9pHk3uM:I/nWKd7tzPZqoPqi2gCV9pHkx

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks