General

  • Target

    995724e9c271c1018e0df231aef1b500_NeikiAnalytics.exe

  • Size

    169KB

  • Sample

    240518-f9bkaadh31

  • MD5

    995724e9c271c1018e0df231aef1b500

  • SHA1

    51f2bfa1ff7cfdafced878c6bec5935838f93d27

  • SHA256

    f9652a7ee38f80c4593cb792f06dd40fe54a177b1487990341be8ea4c58cf8d1

  • SHA512

    c42b519afdeef7405d8bce0a9aed4722f00ef75508431303f47cc7cdd588ae4e93ac29001aace074f45c3a79bcfc4458d3b26257b662b918e0a8fcc2074e1125

  • SSDEEP

    1536:HvQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7FK4O8A1o4XEc3YtxD8/Ai20:HhOmTsF93UYfwC6GIoutX8Ki3c3YT8V7

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks