General
-
Target
88ebe643c9d04ea60bf871d0a1da1960_NeikiAnalytics.exe
-
Size
22KB
-
Sample
240517-cv347sdc76
-
MD5
88ebe643c9d04ea60bf871d0a1da1960
-
SHA1
9bb02dcef6e9ade2bbdbd13c8375c483ced64fd0
-
SHA256
370e42d68ce6c755fc37829552c3914b0b244645f063354f625835dedc9391ef
-
SHA512
4b443fc90c0d4b705424977dc6fcfcc8de22efced7ac3ece87b3ba41e6eaa0a2f53761019a172c5867358a2b806d393518fb65683c75551cb43e3c0c151f4057
-
SSDEEP
384:C3MLWHn3kItfsYbSC0pd03oO7xJnr91Czl9M3Wbey:mn3kI1S1p+1/nr9il9Pbey
Malware Config
Targets
-
-
Target
88ebe643c9d04ea60bf871d0a1da1960_NeikiAnalytics.exe
-
Size
22KB
-
MD5
88ebe643c9d04ea60bf871d0a1da1960
-
SHA1
9bb02dcef6e9ade2bbdbd13c8375c483ced64fd0
-
SHA256
370e42d68ce6c755fc37829552c3914b0b244645f063354f625835dedc9391ef
-
SHA512
4b443fc90c0d4b705424977dc6fcfcc8de22efced7ac3ece87b3ba41e6eaa0a2f53761019a172c5867358a2b806d393518fb65683c75551cb43e3c0c151f4057
-
SSDEEP
384:C3MLWHn3kItfsYbSC0pd03oO7xJnr91Czl9M3Wbey:mn3kI1S1p+1/nr9il9Pbey
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-