General

  • Target

    5805577ea91c01d98f5f78ccd20c15b0_NeikiAnalytics.exe

  • Size

    104KB

  • Sample

    240517-3y8f7shh31

  • MD5

    5805577ea91c01d98f5f78ccd20c15b0

  • SHA1

    ab03bf6aef6d718e6d83f9da46a7a60e35a12f37

  • SHA256

    9077ff3efd69cb8673fc19025a90df9d3f6ed21d8fc34abb4caebb99d5ef553f

  • SHA512

    61ab8b33eef302ea72513c014f84e0bc71e0de9de82c05a8e605ae04848de9ce46a1024ba7820ce20da0b76aa68f5809d20e8ce7155a65e9b6df5b75d16d96c2

  • SSDEEP

    1536:JxqjQ+P04wsmJCaJvWugVwcei575wUeiL7Luf2P4a04kewtZpZWpG19e:sr85Ca5Lg+q7M0bAa0Ne2/AG19e

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is a file infector: it injects itself into other executable files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Event Triggered Execution (T1546): 1

  • Change Default File Association (T1546.001): 1

Privilege Escalation

  • Event Triggered Execution (T1546): 1

  • Change Default File Association (T1546.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Credential Access

  • Unsecured Credentials (T1552): 1

  • Credentials In Files (T1552.001): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Collection

  • Data from Local System (T1005): 1