General

  • Target

    b70a38a0517d82332d49008ed8544280_NeikiAnalytics.exe

  • Size

    773KB

  • Sample

    240519-n48ltsgc8v

  • MD5

    b70a38a0517d82332d49008ed8544280

  • SHA1

    5d2405742b69a74d1534746919f9125204234114

  • SHA256

    c1ac9d7f43c663808c60ff26c2e41f32f5d101a8ef0f76d68cef613b19fab280

  • SHA512

    1267737b027b3b9a77945a111352591f8c231035fe7a093f06b2e296784096775cfcfd819dbe437cd38c60babd154900707971a5626b84e083ebe044f6478542

  • SSDEEP

    12288:/KdQYPhiCUSyZsnY40EfLB5uarQWBLqBmxsTEUL9i6aoEO7nLOilOtE:/JYHUS9F0ETB5uD4LqBmxC/Lw6L7Ki/

  • Score

    10/10

Targets

    • Target

      b70a38a0517d82332d49008ed8544280_NeikiAnalytics.exe

    • Score

      10/10

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      34442e1e0c2870341df55e1b7b3cccdc

    • SHA1

      99b2fa21aead4b6ccd8ff2f6d3d3453a51d9c70c

    • SHA256

      269d232712c86983336badb40b9e55e80052d8389ed095ebf9214964d43b6bb1

    • SHA512

      4a8c57fb12997438b488b862f3fc9dc0f236e07bb47b2bce6053dcb03ac7ad171842f02ac749f02dda4719c681d186330524cd2953d33cb50854844e74b33d51

    • SSDEEP

      192:jPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4I:u7VpNo8gmOyRsVc4

    • Score

      3/10
