General
-
Target
2ec94a180f5343458d6815289d6c4d00_NeikiAnalytics.exe
-
Size
396KB
-
Sample
240519-y2fhdaga2v
-
MD5
2ec94a180f5343458d6815289d6c4d00
-
SHA1
1500b074dea5ffa51c52ade73b316671c3b516d9
-
SHA256
65d2877dd8bab498324649c7ba03f4bcd353ef25513ee62e38e9c315a5cdd6c9
-
SHA512
92b8327838acb473b3f1dfdf7332b6e752d2416d38aba3d9e0cd550abb089c66ed2b66592eedc6fdd8440e6b50cb8342075f14ac35348ace2d3bd1301d5b93b4
-
SSDEEP
3072:9h5DRQjYtnP5K09qgmBBAWgjSvwF37KmG4y:hReYtnE2qgmBNgQwq
Malware Config
Extracted
Protocol: ftp- Host:
ftp.tripod.com - Port:
21 - Username:
onthelinux - Password:
741852abc
Targets
-
-
Target
2ec94a180f5343458d6815289d6c4d00_NeikiAnalytics.exe
-
Size
396KB
-
MD5
2ec94a180f5343458d6815289d6c4d00
-
SHA1
1500b074dea5ffa51c52ade73b316671c3b516d9
-
SHA256
65d2877dd8bab498324649c7ba03f4bcd353ef25513ee62e38e9c315a5cdd6c9
-
SHA512
92b8327838acb473b3f1dfdf7332b6e752d2416d38aba3d9e0cd550abb089c66ed2b66592eedc6fdd8440e6b50cb8342075f14ac35348ace2d3bd1301d5b93b4
-
SSDEEP
3072:9h5DRQjYtnP5K09qgmBBAWgjSvwF37KmG4y:hReYtnE2qgmBNgQwq
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-