General
-
Target
0de292dc81b87f87eaf4e46bf8a214d0_NeikiAnalytics.exe
-
Size
281KB
-
Sample
240519-wkw3paad46
-
MD5
0de292dc81b87f87eaf4e46bf8a214d0
-
SHA1
18ed652ce2842baf38785c521705be46774d2dce
-
SHA256
a5e658cfdaeaec13ffa9316470dbbb9f7aca10f207abaea1128b8ec0738229df
-
SHA512
38cc191c8fd0637aaaa7bdc99cabe8647bb9b41d2fd8679a2dfb9e34e4914c2471784ad6d522b03bf04f0ce3a5d70afbbcca7cf09c770257748d2ef545d293bc
-
SSDEEP
6144:lClUynDl0ze23UM3DAJdZ5K+GlE30hv9:QUwv23o15taJ
Static task
static1
Behavioral task
behavioral1
Sample
0de292dc81b87f87eaf4e46bf8a214d0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0de292dc81b87f87eaf4e46bf8a214d0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
cobaltstrike
100000000
http://101.42.26.173:443/jeecg-boot/websocket/e9ca23d68d884d4ebb19d07889727dae
-
access_type
512
-
beacon_type
2048
-
host
101.42.26.173,/jeecg-boot/websocket/e9ca23d68d884d4ebb19d07889727dae
-
http_header1
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
-
http_header2
AAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAoAAAAtUmVmZXJlcjogaHR0cHM6Ly8yMzQuenRjY2xvdWQuY29tLmNuL2dhdGV3YXkvAAAACgAAACNPcmlnaW46IGh0dHBzOi8vMjM0Lnp0Y2Nsb3VkLmNvbS5jbgAAAAcAAAAAAAAADQAAAAUAAAAIX19mb3JtaWQAAAAJAAAAFXNyY2h1c2VyPXRMbWJDQ0ZmWkVnSAAAAAkAAAAQZ3JvdXBuYW1lPUZReG5GdwAAAAcAAAABAAAADQAAAAIAAAAqYWlkXz01MjIwMDU3MDUmYWNjdmVyPTEmc2hvd3R5cGU9ZW1iZWQmdWE9AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
256
-
polling_time
42000
-
port_number
443
-
sc_process32
%windir%\syswow64\spoolsv.exe
-
sc_process64
%windir%\sysnative\spoolsv.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjxGC7juHBlDj9RIaRMUR79VrPayHx8zm10dO7UeLltGMIYS6djPJDQZx0VxkT+fCMNoIynKvWdYMboLKbsAW2hScJH8haN28VsIbRXCAXMMpi5qbaTgYTqau99keFT+4il7NwpXVG80GDcGhhpXdXzJDPvD1sjQ+efxpu5ifMuQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.785026048e+09
-
unknown2
AAAABAAAAAEAAAA4AAAAAgAAADcAAAACAAAANwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/sys/auth/sms/loginBySms
-
user_agent
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 4.0; Trident/4.0)
-
watermark
100000000
Targets
-
-
Target
0de292dc81b87f87eaf4e46bf8a214d0_NeikiAnalytics.exe
-
Size
281KB
-
MD5
0de292dc81b87f87eaf4e46bf8a214d0
-
SHA1
18ed652ce2842baf38785c521705be46774d2dce
-
SHA256
a5e658cfdaeaec13ffa9316470dbbb9f7aca10f207abaea1128b8ec0738229df
-
SHA512
38cc191c8fd0637aaaa7bdc99cabe8647bb9b41d2fd8679a2dfb9e34e4914c2471784ad6d522b03bf04f0ce3a5d70afbbcca7cf09c770257748d2ef545d293bc
-
SSDEEP
6144:lClUynDl0ze23UM3DAJdZ5K+GlE30hv9:QUwv23o15taJ
Score 10/10