General
-
Target
22dd434667213ce290e7b9b344d2c7a0_NeikiAnalytics.exe
-
Size
242KB
-
Sample
240516-ymvnradf61
-
MD5
22dd434667213ce290e7b9b344d2c7a0
-
SHA1
7e7742a0b071b0ad2099d2d298b23507f3aa726e
-
SHA256
9b3699e932902bfe4264a68dad0ae5f718fa3672b659417c2f215e649a9c4d6c
-
SHA512
c76e9dcfe723d4321f61e22cfa0c9fb0b5784fd6133dcbb08668d8e330fa0a605cfc9ced1471337ec7738a5668e9a196c3fbcf1114bd945a7f857247e9c8a9d6
-
SSDEEP
6144:ubsslFB5Qz9DDATZwXUL2ATMHcTjVm/TCo9qBxPD85hT4HVz4m1I:ubsy8DDAFePHcIIxPD85hT4HVz4mu
Static task
static1
Behavioral task
behavioral1
Sample
22dd434667213ce290e7b9b344d2c7a0_NeikiAnalytics.exe
Resource
win7-20240215-en
Malware Config
Extracted
xenorat
dns.dobiamfollollc.online
Solid_rat_nd8888g
-
delay
61000
-
install_path
appdata
-
port
1283
-
startup_name
cns
Targets
-
-
Target
22dd434667213ce290e7b9b344d2c7a0_NeikiAnalytics.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-