Overview

overview

10

Static

static

10

95a3d0da09...cs.exe

windows7-x64

10

95a3d0da09...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95a3d0da09202334b131a396f364f220_NeikiAnalytics.exe

  • Size

    1.6MB

  • Sample

    240518-fxjp5add31

  • MD5

    95a3d0da09202334b131a396f364f220

  • SHA1

    afbae7871c4fa22be4120f9739dd2ab942204b3d

  • SHA256

    65d6be3300a588d459e3c362870f9e1836c25e1ea3aa91478518e6f821950742

  • SHA512

    0365841d0173a7fec74e15608eed3a54feed82653569c13e9b416553662143ea6b9a39a94cd204a7d05bace0c86eefcf91e17f25eb4bfdab4106b14e2a9d5da4

  • SSDEEP

    49152:MRGBzEVVo3ZrI7z9Al0P7bzhOLKBmkB3Wt67Gq+NroR:MRG2VV2ZrczqqrhOLKB53Wnq+g

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      95a3d0da09202334b131a396f364f220_NeikiAnalytics.exe

    • Size

      1.6MB

    • MD5

      95a3d0da09202334b131a396f364f220

    • SHA1

      afbae7871c4fa22be4120f9739dd2ab942204b3d

    • SHA256

      65d6be3300a588d459e3c362870f9e1836c25e1ea3aa91478518e6f821950742

    • SHA512

      0365841d0173a7fec74e15608eed3a54feed82653569c13e9b416553662143ea6b9a39a94cd204a7d05bace0c86eefcf91e17f25eb4bfdab4106b14e2a9d5da4

    • SSDEEP

      49152:MRGBzEVVo3ZrI7z9Al0P7bzhOLKBmkB3Wt67Gq+NroR:MRG2VV2ZrczqqrhOLKB53Wnq+g

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks