General
-
Target
07509e7bfdeb2027d021b7f98539c040_NeikiAnalytics.exe
-
Size
9.5MB
-
Sample
240521-x6v8ysfh93
-
MD5
07509e7bfdeb2027d021b7f98539c040
-
SHA1
67603029c5b092bcc39fac5187d6f3cf93233cb6
-
SHA256
544e7e6b6893fa07a4fa3fa457a48723a8f51c404077a27bd25c736cf4df4fc7
-
SHA512
1081ffc6af19d6cef2f12b06b9afc73f85db620440d9ec623fcdf14bb35b5b1668e7ee59cf73081618ad9bc1be758ee673e97400b5e34961d1eeae2d76235790
-
SSDEEP
98304:t25Y4P6vABpwXgOlx8UJEZMFCEd+MFQlpM3:zW6vA8d8UJE+FPdspM3
Malware Config
Targets
-
-
Target
07509e7bfdeb2027d021b7f98539c040_NeikiAnalytics.exe
-
Size
9.5MB
-
MD5
07509e7bfdeb2027d021b7f98539c040
-
SHA1
67603029c5b092bcc39fac5187d6f3cf93233cb6
-
SHA256
544e7e6b6893fa07a4fa3fa457a48723a8f51c404077a27bd25c736cf4df4fc7
-
SHA512
1081ffc6af19d6cef2f12b06b9afc73f85db620440d9ec623fcdf14bb35b5b1668e7ee59cf73081618ad9bc1be758ee673e97400b5e34961d1eeae2d76235790
-
SSDEEP
98304:t25Y4P6vABpwXgOlx8UJEZMFCEd+MFQlpM3:zW6vA8d8UJE+FPdspM3
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Hide Artifacts
1Hidden Files and Directories
1