Overview

overview

10

Static

static

10

e638849cc8...cs.exe

windows7-x64

10

e638849cc8...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e638849cc81a251304082963b61460c0_NeikiAnalytics

  • Size

    724KB

  • Sample

    240516-vmkl1aef9w

  • MD5

    e638849cc81a251304082963b61460c0

  • SHA1

    0876da2a285468f2a7ac6f3d549a523275b04fac

  • SHA256

    39fdb92a8c6d252bbb9fb8a9b33e4ebe9cca4b028c3af185cd6ef4ba3e98956c

  • SHA512

    e5b0f700bf4d0ea501ea4d57bba6aec732167eb0f5119cd12206aaa8de76a525224f8f6bbb449cff8fa77539ff7f2ae2aa5db8effe017d3ef632aca320a20ded

  • SSDEEP

    12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dONZX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdqE6o

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Targets

    • Target

      e638849cc81a251304082963b61460c0_NeikiAnalytics

    • Size

      724KB

    • MD5

      e638849cc81a251304082963b61460c0

    • SHA1

      0876da2a285468f2a7ac6f3d549a523275b04fac

    • SHA256

      39fdb92a8c6d252bbb9fb8a9b33e4ebe9cca4b028c3af185cd6ef4ba3e98956c

    • SHA512

      e5b0f700bf4d0ea501ea4d57bba6aec732167eb0f5119cd12206aaa8de76a525224f8f6bbb449cff8fa77539ff7f2ae2aa5db8effe017d3ef632aca320a20ded

    • SSDEEP

      12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dONZX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdqE6o

    Score
    10/10
    fakeavfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • FakeAV payload

      fakeavspyware

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks