General

  • Target

    4ad0f829cafc58eb5a0f61ef642e3ff0_NeikiAnalytics.exe

  • Size

    3.7MB

  • Sample

    240522-19r79abb77

  • MD5

    4ad0f829cafc58eb5a0f61ef642e3ff0

  • SHA1

    cacabb7ef42a0d57b7f2545f85cfe4ae10602863

  • SHA256

    3a8e0ad1aef45078317e3475d62fd8af84d50ebd58a5999eb56fec238039daf9

  • SHA512

    39e8e70659deb347084ba5ac74d79a6c731da5c5b0f072a0bf2c45076e8e861b60505af293fdc96e818b348bddd24c75f92e74929f3a5229efd905b0e819bac6

  • SSDEEP

    98304:81UDBqkepq5aOd2h3rirfXzjvLbMgutSMXps:8gBqpqokSOrfXzdaSMXK

Malware Config

Targets

    • Target

      4ad0f829cafc58eb5a0f61ef642e3ff0_NeikiAnalytics.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    T1497 Virtualization/Sandbox Evasion (1)

  • Discovery

    T1012 Query Registry (2)

    T1497 Virtualization/Sandbox Evasion (1)

    T1082 System Information Discovery (2)

Tasks