2b2b456da3a812fa205f787262f07d715ea0fb9de36892a51c896973fe001d42 | Triage

Sharing

General

Target

20099f19192b4c1f23787b4ed1e85d90_NeikiAnalytics
Size

53KB
Sample

240515-x8gtcage24
MD5

20099f19192b4c1f23787b4ed1e85d90
SHA1

4645a9a88d58e099a489b60e793155e2d97414f4
SHA256

2b2b456da3a812fa205f787262f07d715ea0fb9de36892a51c896973fe001d42
SHA512

0f76fa90b770e8ee3af638eba81c1281bac88a1aeeb405f51686c40a3a99278c487fd2662b72a5da9130c9803a158450c6c2c1f35a86ec0b3648cd090a34970f
SSDEEP

1536:vNyg8r8QN6mWrB5CmT7Kp3StjEMjmLM3ztDJWZsXy4JzxPME:9B5CaJJjmLM3zRJWZsXy4Jt

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  20099f19192b4c1f23787b4ed1e85d90_NeikiAnalytics
- Size
  
  53KB
- MD5
  
  20099f19192b4c1f23787b4ed1e85d90
- SHA1
  
  4645a9a88d58e099a489b60e793155e2d97414f4
- SHA256
  
  2b2b456da3a812fa205f787262f07d715ea0fb9de36892a51c896973fe001d42
- SHA512
  
  0f76fa90b770e8ee3af638eba81c1281bac88a1aeeb405f51686c40a3a99278c487fd2662b72a5da9130c9803a158450c6c2c1f35a86ec0b3648cd090a34970f
- SSDEEP
  
  1536:vNyg8r8QN6mWrB5CmT7Kp3StjEMjmLM3ztDJWZsXy4JzxPME:9B5CaJJjmLM3zRJWZsXy4Jt
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence