General
- Target: d295c86b5bab9f473972497564e6d210_NeikiAnalytics
- Size: 373KB
- Sample: 240515-pylqjsab52
- MD5: d295c86b5bab9f473972497564e6d210
- SHA1: 4cc03c19785386a26530bfc5bdfb2763e4720802
- SHA256: 8ca9e0b528d5b1b32b44c66c1be4b2ad58b9fc62d51fe93b781daf3d6cdcac60
- SHA512: e3a2af95227825d38cf2b321dd75402c979025b06df1f0b20cf6dc761c27e22b880aba90ae25beaf3c407dfb183fec1aa5c87d01c4aef666701730eb3e944154
- SSDEEP: 6144:AgXLk9lsA7WNFchU6wxpMoyZVn4lt2DSTZATjxhNUP2uxZ698Obd3Tuto6:AgXLk91ar1rKRn4lAQ+1hNUOr9HxuS6
Static task: static1
Behavioral task: behavioral1
- Sample: d295c86b5bab9f473972497564e6d210_NeikiAnalytics.exe
- Resource: win7-20240215-en
Malware Config
Extracted
- Family: stealc
- URL: http://185.172.128.150
- url_path: /c698e1bc8a2f5e6d.php
Targets
- Target: d295c86b5bab9f473972497564e6d210_NeikiAnalytics
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.