General

  • Target

    75b66d80d1316c82536fabb115108ee0_NeikiAnalytics.exe

  • Size

    87KB

  • Sample

    240518-csec3afg3w

  • MD5

    75b66d80d1316c82536fabb115108ee0

  • SHA1

    b872ca3f34b23c7c982334b907b67dacf8bc19e3

  • SHA256

    775db59e682c29a07f8289186c33c41c08e296ec28352191ac57d38985d4be32

  • SHA512

    5d136768d1980265fe14120c24fd305278d24ee165136c3e22ee8ef7cd16993cf1e6f329d173c9f0bb54493f5c4df11f7ebc008845fbad172809af6bd1fb3437

  • SSDEEP

    1536:D3ScSeuCQ5CvP3ErbK0GsA1Irn6ykkXERklFceLnFaswUemjmh5WGiirTb9Qyz1:DSleucPUXKhsmIGZkXYUJFg5fRiaTRl

Targets

    • Target

      75b66d80d1316c82536fabb115108ee0_NeikiAnalytics.exe

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.
