General

  • Target

    0f7cd9893b3fa42c01ef607ca3928a80_NeikiAnalytics.exe

  • Size

    2.6MB

  • Sample

    240521-z7wbfsah33

  • MD5

    0f7cd9893b3fa42c01ef607ca3928a80

  • SHA1

    0c9cdc7fabddf95e879b05caf3f370b03edb8883

  • SHA256

    1c940b518edf6238070965acb34b839c5dc621063ba3295c9db8499465477dbe

  • SHA512

    a6e7b0d211efd6e635eff23de4bed206162732b2098062dc41d7f0241ca3a1927ca73ed3db72f11eaa44dcb50e8d1f2c914b62594b6f1e9ab93547c5afcc81aa

  • SSDEEP

    24576:ObCj2sObHtqQ4QEfCr7w7yvuqqNq8FroaSaPXRackmrM4Biq7MhLv9GImmVfq4es:ObCjPKNqQEfsw43qtmVfq4P

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.me.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    RICHARD205lord

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other profile information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks