Overview

overview

7

Static

static

3

0d19637d68...cs.exe

windows7-x64

7

0d19637d68...cs.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d19637d68c53f3cac3959a848473a60_NeikiAnalytics.exe

  • Size

    128KB

  • Sample

    240521-znjtbaab7x

  • MD5

    0d19637d68c53f3cac3959a848473a60

  • SHA1

    5f8dc94e8c019634c2a1a4b016cdf650dacb7a00

  • SHA256

    9abe33680967b1a3321cf8610f2f93e16a423a5b9e5f587c77ac8819f2236f3b

  • SHA512

    8897a2b619dfd240fa73d551e221027570cc2aedbc743b0be433b8adc0a64caed4f3d02c3a5f084d1e394e0ef3d053269f3f395578cfd822e5e210537b7ac3c8

  • SSDEEP

    3072:VvgwhTm5amkqIJS20hD7Me+QpWT21/Blx77x19:jmhUKWyJBlx77/9

Score
7/10
persistenceupx

Malware Config

Targets

    • Target

      0d19637d68c53f3cac3959a848473a60_NeikiAnalytics.exe

    • Size

      128KB

    • MD5

      0d19637d68c53f3cac3959a848473a60

    • SHA1

      5f8dc94e8c019634c2a1a4b016cdf650dacb7a00

    • SHA256

      9abe33680967b1a3321cf8610f2f93e16a423a5b9e5f587c77ac8819f2236f3b

    • SHA512

      8897a2b619dfd240fa73d551e221027570cc2aedbc743b0be433b8adc0a64caed4f3d02c3a5f084d1e394e0ef3d053269f3f395578cfd822e5e210537b7ac3c8

    • SSDEEP

      3072:VvgwhTm5amkqIJS20hD7Me+QpWT21/Blx77x19:jmhUKWyJBlx77/9

    Score
    7/10
    upxpersistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks