Overview

overview

10

Static

static

10

8f9a288dd6...cs.exe

windows7-x64

10

8f9a288dd6...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8f9a288dd613c5192aeee4eb81eb3ec0_NeikiAnalytics.exe

  • Size

    848KB

  • Sample

    240518-fc85aacd77

  • MD5

    8f9a288dd613c5192aeee4eb81eb3ec0

  • SHA1

    ccc493af423e71ed0736d1e693753c71dcef0626

  • SHA256

    34fc5eff22375eb102c336d72cf44dfdb166e8728736b51a873ad63ca8747d67

  • SHA512

    ef05b8c4f100ca0bb73fd66e7389742c4c18198ec15b5858f1ba4b7b50c57ecba35e8f8f2d69ed051927a133264088453708707e2d636d4ca54e68db3b3b2b4e

  • SSDEEP

    12288:TirgxjMr91nJ8F4SfK4COg/PEOIqnRHzYYNOPagPSc9T6XSmYFOYiYQu:TLxIrfnJ8j0D/vI+RTJNtYjT6XSmN9u

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      8f9a288dd613c5192aeee4eb81eb3ec0_NeikiAnalytics.exe

    • Size

      848KB

    • MD5

      8f9a288dd613c5192aeee4eb81eb3ec0

    • SHA1

      ccc493af423e71ed0736d1e693753c71dcef0626

    • SHA256

      34fc5eff22375eb102c336d72cf44dfdb166e8728736b51a873ad63ca8747d67

    • SHA512

      ef05b8c4f100ca0bb73fd66e7389742c4c18198ec15b5858f1ba4b7b50c57ecba35e8f8f2d69ed051927a133264088453708707e2d636d4ca54e68db3b3b2b4e

    • SSDEEP

      12288:TirgxjMr91nJ8F4SfK4COg/PEOIqnRHzYYNOPagPSc9T6XSmYFOYiYQu:TLxIrfnJ8j0D/vI+RTJNtYjT6XSmN9u

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks