General

  • Target

    d5a47365621d12f874662587ea8385d0_NeikiAnalytics.exe

  • Size

    169KB

  • Sample

    240518-rl6ajafd41

  • MD5

    d5a47365621d12f874662587ea8385d0

  • SHA1

    3c05a8794ccc4a3ac347171757ebf22c78c17236

  • SHA256

    d01b971f4fb227ebc83c02503aa3ea6a6e65574356882cb9402d1764f2215a17

  • SHA512

    3cb0f51615d6e3ca0adbd49d21ea5235955cb20efc39efbbc84e6331d6343eb366ddabe06070ea49848f346b4f3a3017ddb2c166cf75784c1b3e4e0b60d37578

  • SSDEEP

    1536:HvQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7FK4O8A1o4XEc3YtxD8/Ai2C:HhOmTsF93UYfwC6GIoutX8Ki3c3YT8VL

Malware Config

Targets

    • Target

      d5a47365621d12f874662587ea8385d0_NeikiAnalytics.exe

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer, including modified UPX builds.

    • Adds Run key to start application

    • Drops file in System32 directory
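
What the "UPX packed file" signature looks for, as an added illustration written for this page (it is not Triage's or the report's own detection logic): a small Python walker over the PE section table that flags the UPX0/UPX1 section names and the "UPX!" pack-header magic left by stock UPX, plus a layout heuristic that still fires when a modified build renames its sections. The three sample images are constructed inside the block (header-only byte strings, not runnable programs) and are not derived from the analysed file; their section names and sizes are assumptions.

```python
import struct
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int


def parse_sections(data: bytes) -> list[Section]:
    """Walk DOS header -> PE signature -> COFF header -> section table,
    decoding only the fields the packer check needs."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * 40                                     # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, raw = struct.unpack_from("<8sIII", data, off)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsize, raw))
    return sections


def upx_indicators(data: bytes) -> list[str]:
    """Return the reasons a file looks UPX-packed; an empty list means none fired."""
    sections = parse_sections(data)
    reasons = []
    # Stock UPX names its sections UPX0/UPX1 (and sometimes UPX2).
    if any(s.name.upper().startswith("UPX") for s in sections):
        reasons.append("UPX-named section")
    # Stock UPX also embeds a "UPX!" pack-header magic; modified builds often patch it out.
    if b"UPX!" in data:
        reasons.append("UPX! pack-header magic")
    # Layout heuristic that survives renamed sections: the first section has no bytes
    # on disk but a large virtual size (the unpack destination), while the next
    # section carries the compressed image.
    if (len(sections) >= 2 and sections[0].raw_size == 0
            and sections[0].virtual_size > 0 and sections[1].raw_size > 0):
        reasons.append("empty first section with non-zero virtual size")
    return reasons


def build_sample_pe(sections, tail=b""):
    """Construct a header-only PE32 image (constructed test input, not a real
    program): DOS header, PE signature, COFF header, zeroed optional header,
    section table, then `tail` bytes."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    table = b""
    raw_ptr = 0x400
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, 0, raw, raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += raw
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table + tail


# Constructed samples (assumed section layouts, not taken from the analysed file).
SAMPLE_UPX = build_sample_pe(
    [(b"UPX0", 0x10000, 0), (b"UPX1", 0x8000, 0x7000), (b".rsrc", 0x1000, 0x800)],
    tail=b"\0" * 16 + b"UPX!" + b"\0" * 12)
SAMPLE_RENAMED = build_sample_pe(
    [(b".text", 0x10000, 0), (b".data", 0x8000, 0x7000), (b".rsrc", 0x1000, 0x800)])
SAMPLE_CLEAN = build_sample_pe(
    [(b".text", 0x5000, 0x5000), (b".rdata", 0x1000, 0x1000), (b".data", 0x800, 0x400)])


if __name__ == "__main__":
    for label, blob in (("upx", SAMPLE_UPX), ("renamed", SAMPLE_RENAMED), ("clean", SAMPLE_CLEAN)):
        print(label, upx_indicators(blob) or "no UPX indicators")
```

The name and magic checks catch stock UPX; only the layout check catches the renamed build, which is why a signature written purely on section names misses "modified UPX" samples. Run it against a real file with `upx_indicators(open(path, "rb").read())`.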

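The three behavioural signatures (drop into System32, Run key added, execution of the dropped file) expressed as a correlation over sandbox events, added here as an example for this page and not part of the report or of Triage: the Sysmon-style JSON lines, process IDs and file/registry paths are constructed for the example and are not the sample's real artefacts. The Run-key check is case-insensitive and the "Executes dropped EXE" check only fires when the file-create event precedes the process-create event.

```python
import json

# Constructed Sysmon-style events as JSON lines (not taken from the report):
# EventID 1 = process create, 11 = file create, 13 = registry value set.
SAMPLE_EVENTS = r"""
{"EventID": 1,  "ProcessId": 1234, "ParentProcessId": 900,  "Image": "C:\\Users\\user\\Desktop\\sample.exe"}
{"EventID": 11, "ProcessId": 1234, "Image": "C:\\Users\\user\\Desktop\\sample.exe", "TargetFilename": "C:\\Windows\\System32\\dropped.exe"}
{"EventID": 13, "ProcessId": 1234, "Image": "C:\\Users\\user\\Desktop\\sample.exe", "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Windows\\System32\\dropped.exe"}
{"EventID": 11, "ProcessId": 900,  "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\user\\Documents\\notes.txt"}
{"EventID": 13, "ProcessId": 900,  "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
{"EventID": 1,  "ProcessId": 1300, "ParentProcessId": 1234, "Image": "C:\\Windows\\System32\\dropped.exe"}
"""

# Substrings (lower-cased) that identify the autostart keys under any hive.
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
SYSTEM32 = "c:\\windows\\system32\\"


def load_events(text):
    """Parse JSON lines, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events):
    """Apply the three behavioural checks in event order. Returns
    {signature name: [evidence, ...]} holding only the signatures that fired."""
    hits = {}
    dropped = set()  # lower-cased paths of every file written so far

    def add(signature, evidence):
        hits.setdefault(signature, []).append(evidence)

    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            target = ev.get("TargetFilename", "")
            dropped.add(target.lower())
            if target.lower().startswith(SYSTEM32):
                add("Drops file in System32 directory", target)
        elif eid == 13:
            key = ev.get("TargetObject", "")
            if any(marker in key.lower() for marker in RUN_KEY_MARKERS):
                add("Adds Run key to start application", f"{key} = {ev.get('Details', '')}")
        elif eid == 1:
            image = ev.get("Image", "")
            # Only a file this trace has already seen written counts as "dropped".
            if image.lower() in dropped:
                add("Executes dropped EXE", image)
    return hits


if __name__ == "__main__":
    for signature, evidence in triage(load_events(SAMPLE_EVENTS)).items():
        print(signature)
        for item in evidence:
            print("   ", item)
```

Feeding real Sysmon exports in (for example `load_events(open("events.jsonl").read())`) needs only the three field names used here; anything the sandbox records under different names should be mapped before the call.
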
MITRE ATT&CK Enterprise v15

Tasks