General
-
Target
cb164758ffd7ce51960de2ba05e382c0_NeikiAnalytics.exe
-
Size
244KB
-
Sample
240520-hrwtlshc6w
-
MD5
cb164758ffd7ce51960de2ba05e382c0
-
SHA1
6dfcf3e3dca6df75acec6fc08b183140dfc524cd
-
SHA256
5e5eb58d50fa69431ecbf9645b519b40dcbaef0bf612e7f219a91a14c57c7eca
-
SHA512
e4dcdcea68b08533ba55ae6d55d1ddc0fb475e999b112501c3496a250cb83c739c93cab19042d9d32b7c2914fa4c0e10f0d4322e053d723ebc871c3f374d7555
-
SSDEEP
3072:9oQ7UzBqoYOvuQEhcVYYrwhBBxQJR5zc1cNmp585BN4CRIOCX9:kz8KmQEKG+KB05g1cq5sN4
Malware Config
Extracted
stealc
default11
http://185.172.128.170
-
url_path
/7043a0c6a68d9c65.php
Targets
-
-
Target
cb164758ffd7ce51960de2ba05e382c0_NeikiAnalytics.exe
-
Size
244KB
-
MD5
cb164758ffd7ce51960de2ba05e382c0
-
SHA1
6dfcf3e3dca6df75acec6fc08b183140dfc524cd
-
SHA256
5e5eb58d50fa69431ecbf9645b519b40dcbaef0bf612e7f219a91a14c57c7eca
-
SHA512
e4dcdcea68b08533ba55ae6d55d1ddc0fb475e999b112501c3496a250cb83c739c93cab19042d9d32b7c2914fa4c0e10f0d4322e053d723ebc871c3f374d7555
-
SSDEEP
3072:9oQ7UzBqoYOvuQEhcVYYrwhBBxQJR5zc1cNmp585BN4CRIOCX9:kz8KmQEKG+KB05g1cq5sN4
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-