4142c43ede69b32ffc1efced4e8ab9efb69ebcbb73ba949dda70e0612b7a7c08 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cbe9a28570a8bf3a29ed367bda0eaee0_NeikiAnalytics
Size

12KB
Sample

240516-knmgwada82
MD5

cbe9a28570a8bf3a29ed367bda0eaee0
SHA1

64a99aacd8512d35d0d45535349da9dbc6c202ed
SHA256

4142c43ede69b32ffc1efced4e8ab9efb69ebcbb73ba949dda70e0612b7a7c08
SHA512

0e2202c1cc6f3cbeae844c11f37be0890ef66df5f519702c6d5d2b1bfe5675647a7d0af2a017d87c087b5e4eefbc72cc0d7f29aa53ce0db98cc03e6e9730f233
SSDEEP

384:NL7li/2zSq2DcEQvdhcJKLTp/NK9xaHJ:dqM/Q9cHJ

Score

7^/10

Malware Config

Targets

- Target
  
  cbe9a28570a8bf3a29ed367bda0eaee0_NeikiAnalytics
- Size
  
  12KB
- MD5
  
  cbe9a28570a8bf3a29ed367bda0eaee0
- SHA1
  
  64a99aacd8512d35d0d45535349da9dbc6c202ed
- SHA256
  
  4142c43ede69b32ffc1efced4e8ab9efb69ebcbb73ba949dda70e0612b7a7c08
- SHA512
  
  0e2202c1cc6f3cbeae844c11f37be0890ef66df5f519702c6d5d2b1bfe5675647a7d0af2a017d87c087b5e4eefbc72cc0d7f29aa53ce0db98cc03e6e9730f233
- SSDEEP
  
  384:NL7li/2zSq2DcEQvdhcJKLTp/NK9xaHJ:dqM/Q9cHJ
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2