607aea4a37d9249900c473ffb13d16eb688b95c10ca2ab9cd192c729fe0488d1 | Triage

Sharing

General

Target

e8b2d328bb6cc3f37cf13c74428de960_NeikiAnalytics.exe
Size

904KB
Sample

240517-l7pxsadd99
MD5

e8b2d328bb6cc3f37cf13c74428de960
SHA1

8037d0f3a63d0b8d53d107a691d7643a7107de84
SHA256

607aea4a37d9249900c473ffb13d16eb688b95c10ca2ab9cd192c729fe0488d1
SHA512

253af489077e73777c1bb878d230c0f8e558f4e644c347d7c9efeb309e54f68a8cf99684875c1b209dd056319122ce51bbf5b580056b1e936fba5aafb9f68731
SSDEEP

12288:9n8yN0Mr8ti6aVArIygU40vy3W/ceKSHMsiFyY6XNm0FrSNPUZ6RwQv:FPutiz0fDjymk4HM5yJmaiP0Qv

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  e8b2d328bb6cc3f37cf13c74428de960_NeikiAnalytics.exe
- Size
  
  904KB
- MD5
  
  e8b2d328bb6cc3f37cf13c74428de960
- SHA1
  
  8037d0f3a63d0b8d53d107a691d7643a7107de84
- SHA256
  
  607aea4a37d9249900c473ffb13d16eb688b95c10ca2ab9cd192c729fe0488d1
- SHA512
  
  253af489077e73777c1bb878d230c0f8e558f4e644c347d7c9efeb309e54f68a8cf99684875c1b209dd056319122ce51bbf5b580056b1e936fba5aafb9f68731
- SSDEEP
  
  12288:9n8yN0Mr8ti6aVArIygU40vy3W/ceKSHMsiFyY6XNm0FrSNPUZ6RwQv:FPutiz0fDjymk4HM5yJmaiP0Qv
Score

7^/10

discovery persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer