Overview

overview

10

Static

static

7

d99ad19cdf...cs.exe

windows7-x64

10

d99ad19cdf...cs.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    d99ad19cdfcb07ada8ca910737295610_NeikiAnalytics.exe

  • Size

    293KB

  • Sample

    240520-jxrbrabe2x

  • MD5

    d99ad19cdfcb07ada8ca910737295610

  • SHA1

    f64e47399be079f0933068166fccc44c47649af9

  • SHA256

    f5475563cd3582fd2704b2a334d85d5cf6e9bb5eebad8467767682d7a75445ad

  • SHA512

    0bd76a32b7a7e57585eae8fa264d6ce472cbe9c091a75ef85eab08d24662155b115b9ea52548659046e2f3c359bfc55aa95dbba67fa9ad28795b1bd0fd1220d5

  • SSDEEP

    6144:g750HizPy7n+g47wSAr2QxMcnpjRBM8Aat6E5PB0beIwa2pX8EIHBZrfxoS4iJd:Diz+n87tArhxVjVAA6aPBwSXrk7rJoSj

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      d99ad19cdfcb07ada8ca910737295610_NeikiAnalytics.exe

    • Size

      293KB

    • MD5

      d99ad19cdfcb07ada8ca910737295610

    • SHA1

      f64e47399be079f0933068166fccc44c47649af9

    • SHA256

      f5475563cd3582fd2704b2a334d85d5cf6e9bb5eebad8467767682d7a75445ad

    • SHA512

      0bd76a32b7a7e57585eae8fa264d6ce472cbe9c091a75ef85eab08d24662155b115b9ea52548659046e2f3c359bfc55aa95dbba67fa9ad28795b1bd0fd1220d5

    • SSDEEP

      6144:g750HizPy7n+g47wSAr2QxMcnpjRBM8Aat6E5PB0beIwa2pX8EIHBZrfxoS4iJd:Diz+n87tArhxVjVAA6aPBwSXrk7rJoSj

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks