General
- Target: 28be40acc961d0ea88cafb87d1d92c80_NeikiAnalytics.exe
- Size: 705KB
- Sample: 240519-yj9cqseg53
- MD5: 28be40acc961d0ea88cafb87d1d92c80
- SHA1: 6963b41056d86e808d0b173b6c0fe22d3d356c3e
- SHA256: 365e3845893ef3305b44c24ffa21a6ef8718534c0e438e4d67c3b35ac87d2c9e
- SHA512: 82a0e81d70ff03441c382e53ed4d7df07b4ccc37c1b512ce30f3bcb2c09fd067ba37b0b89ebcae18e9eaf210d86bef0978bf51111151d64227ea5de1179741a0
- SSDEEP: 12288:rdrLbDZaNRp5H6ykhyMhHC5gxhWpGoX8lVB23TRLCKUPJSX4lDJ1:5LDZMRp5H6yk9gII8XmCKQwXWDD
Static task: static1
Behavioral task: behavioral1
- Sample: 28be40acc961d0ea88cafb87d1d92c80_NeikiAnalytics.exe
- Resource: win7-20240221-en
Malware Config
Extracted
formbook
4.1
qt22
tryventura.co
cashstash.online
keiramcwilliams.site
ytdnb558.com
huq.homes
ib999.cc
ivy001.com
militaryjobs.site
mfhospitality.net
landtour-outdoor.com
cosmicdustclub.com
ssskjv.com
bigremporium.com
network221.com
thegfshops.com
iase.in
alliednp.com
tprovenance.io
massimaidratazione.com
dominodarts.com
pnueprocomp.com
mailmondasconsulting.com
10383ww.com
dew-swimwear.com
yuhb.xyz
311979.com
jiuber.com
aserviceapp.com
fgeozxdr.shop
balisicatnakami.com
kp4fj.cc
606667.xyz
giudaskincare.com
zhiwei-tc.com
rimowa-official.shop
roseforport.com
zenith8commerce.com
zzhtec.com
zhongrentong.fun
sydneyof.com
usps1-updatemyparcel.cc
amritresorts.com
beckerprotocol.com
mstudio44.online
goodmarkets.store
needasystem.com
vitronet.design
jwwallets.com
urban-bag.us
basebasing.com
f4mc10gw.shop
nrdrz.com
tipsylemonade.com
odvip639.com
globesec.io
gevojyt.cfd
moodindigo.rocks
nrteam.store
iierviw510.top
bsuc.in
sicilygate.com
dairybar2024.com
yagonbo.lol
odty312.net
pingshishijie.com
Targets
- Target: 28be40acc961d0ea88cafb87d1d92c80_NeikiAnalytics.exe
- Size: 705KB
- MD5: 28be40acc961d0ea88cafb87d1d92c80
- SHA1: 6963b41056d86e808d0b173b6c0fe22d3d356c3e
- SHA256: 365e3845893ef3305b44c24ffa21a6ef8718534c0e438e4d67c3b35ac87d2c9e
- SHA512: 82a0e81d70ff03441c382e53ed4d7df07b4ccc37c1b512ce30f3bcb2c09fd067ba37b0b89ebcae18e9eaf210d86bef0978bf51111151d64227ea5de1179741a0
- SSDEEP: 12288:rdrLbDZaNRp5H6ykhyMhHC5gxhWpGoX8lVB23TRLCKUPJSX4lDJ1:5LDZMRp5H6yk9gII8XmCKQwXWDD
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext