General
-
Target
2db41a4ea77ad677adedd5ef2890b2b0_NeikiAnalytics.exe
-
Size
112KB
-
Sample
240517-zdkmvshg8z
-
MD5
2db41a4ea77ad677adedd5ef2890b2b0
-
SHA1
16f04e8ebd48c5e2cf2ca2a56c3ba78778131533
-
SHA256
d2ffbb1b5fe363eb1e08a82539f76687ef4d6cdabf980ccd828cc9b1d9c62e34
-
SHA512
08ce3b6e7fafa23de1b2610cb6dd46e3efc8a0fb55008779cd897921a54220232a3bb84967aefa1a00ae1c2e6bab4f994a89e7db0de5931845e84987f535987f
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ:tVIr7zI+fAceoGxSKKo5
Static task
static1
Behavioral task
behavioral1
Sample
2db41a4ea77ad677adedd5ef2890b2b0_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2db41a4ea77ad677adedd5ef2890b2b0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
2db41a4ea77ad677adedd5ef2890b2b0_NeikiAnalytics.exe
-
Size
112KB
-
MD5
2db41a4ea77ad677adedd5ef2890b2b0
-
SHA1
16f04e8ebd48c5e2cf2ca2a56c3ba78778131533
-
SHA256
d2ffbb1b5fe363eb1e08a82539f76687ef4d6cdabf980ccd828cc9b1d9c62e34
-
SHA512
08ce3b6e7fafa23de1b2610cb6dd46e3efc8a0fb55008779cd897921a54220232a3bb84967aefa1a00ae1c2e6bab4f994a89e7db0de5931845e84987f535987f
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ:tVIr7zI+fAceoGxSKKo5
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-