General
Target: 762ed0a27d3f400bdd81d7de464dbbe0_NeikiAnalytics.exe
Size: 130KB
Sample: 240519-faxngaba23
MD5: 762ed0a27d3f400bdd81d7de464dbbe0
SHA1: 943ea1cce24991c60ad19caa247450f55160d392
SHA256: 1b470f2f5e80b0505c2f00d7603d36b38a8580f1ad42761e41dcde66dad3e30a
SHA512: 5bc877b4be86bbf745790c4479349e7bb47bbf4acb5aeb108021f78b0f6d44204e5acbbe9c80035b9bbb06e19fe3fe0749ed4ca330c98e80a5af0ed9005d9ff9
SSDEEP: 1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZ2:SKQJcinxphkG5Q6GdpIOkJHhKRyOXK8
Behavioral task: behavioral1
Sample: 762ed0a27d3f400bdd81d7de464dbbe0_NeikiAnalytics.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 762ed0a27d3f400bdd81d7de464dbbe0_NeikiAnalytics.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 762ed0a27d3f400bdd81d7de464dbbe0_NeikiAnalytics.exe (size and hashes as listed under General)
Score: 10/10

ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext