f58cfcf4818a5bc61a9a1c295d15c8ea17c6b581fc6745323d6ed9748691587b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8f9895e7098074f3df70f587c60c420_NeikiAnalytics
Size

96KB
Sample

240516-gjyskafa36
MD5

a8f9895e7098074f3df70f587c60c420
SHA1

377a15f565e4289171b0acf532795e94f8b9d25f
SHA256

f58cfcf4818a5bc61a9a1c295d15c8ea17c6b581fc6745323d6ed9748691587b
SHA512

c0ceb759de98170da1d994815ce81dee57e96e4d4f4ee5c2fb40bf8409bbbce26f4bdc782d89b474708961fc8e32580789df011aaa4b00703c0e6d3de59c02fa
SSDEEP

768:3/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJi+vBU6u7DPQ1TTGfGYc+pD:3RsvcdcQjosnvng6uQ1Ji

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  a8f9895e7098074f3df70f587c60c420_NeikiAnalytics
- Size
  
  96KB
- MD5
  
  a8f9895e7098074f3df70f587c60c420
- SHA1
  
  377a15f565e4289171b0acf532795e94f8b9d25f
- SHA256
  
  f58cfcf4818a5bc61a9a1c295d15c8ea17c6b581fc6745323d6ed9748691587b
- SHA512
  
  c0ceb759de98170da1d994815ce81dee57e96e4d4f4ee5c2fb40bf8409bbbce26f4bdc782d89b474708961fc8e32580789df011aaa4b00703c0e6d3de59c02fa
- SSDEEP
  
  768:3/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJi+vBU6u7DPQ1TTGfGYc+pD:3RsvcdcQjosnvng6uQ1Ji
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2