50c997fd2cc2eee8389af74135c2e59703f9d3c0af459bca028b7f01fdbfe5fd | Triage

Sharing

General

Target

2563be922867d94e2722a26d3cbb02c0_NeikiAnalytics
Size

124KB
Sample

240515-ymsjdshd43
MD5

2563be922867d94e2722a26d3cbb02c0
SHA1

84abafd2ffa91e8903524bc80a7ee590d1ae179c
SHA256

50c997fd2cc2eee8389af74135c2e59703f9d3c0af459bca028b7f01fdbfe5fd
SHA512

1cf9e5bc20f093954a6e34879ed2222773f3156d77aa1d79f0bae68270a918f25fbfb7dbe740e760594fedfcc514fa5cbefc79ed7eeb01b2f1e679b23b3ccb83
SSDEEP

1536:HsszN5YLZPhRO/N69BH3OoGa+FL9jKceRgrkjSo:MGbYlhkFoN3Oo1+F92S

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2563be922867d94e2722a26d3cbb02c0_NeikiAnalytics
- Size
  
  124KB
- MD5
  
  2563be922867d94e2722a26d3cbb02c0
- SHA1
  
  84abafd2ffa91e8903524bc80a7ee590d1ae179c
- SHA256
  
  50c997fd2cc2eee8389af74135c2e59703f9d3c0af459bca028b7f01fdbfe5fd
- SHA512
  
  1cf9e5bc20f093954a6e34879ed2222773f3156d77aa1d79f0bae68270a918f25fbfb7dbe740e760594fedfcc514fa5cbefc79ed7eeb01b2f1e679b23b3ccb83
- SSDEEP
  
  1536:HsszN5YLZPhRO/N69BH3OoGa+FL9jKceRgrkjSo:MGbYlhkFoN3Oo1+F92S
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence