Overview

overview

9

Static

static

7

4ad0f829ca...cs.exe

windows7-x64

9

4ad0f829ca...cs.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ad0f829cafc58eb5a0f61ef642e3ff0_NeikiAnalytics.exe

  • Size

    3.7MB

  • Sample

    240522-19r79abb77

  • MD5

    4ad0f829cafc58eb5a0f61ef642e3ff0

  • SHA1

    cacabb7ef42a0d57b7f2545f85cfe4ae10602863

  • SHA256

    3a8e0ad1aef45078317e3475d62fd8af84d50ebd58a5999eb56fec238039daf9

  • SHA512

    39e8e70659deb347084ba5ac74d79a6c731da5c5b0f072a0bf2c45076e8e861b60505af293fdc96e818b348bddd24c75f92e74929f3a5229efd905b0e819bac6

  • SSDEEP

    98304:81UDBqkepq5aOd2h3rirfXzjvLbMgutSMXps:8gBqpqokSOrfXzdaSMXK

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      4ad0f829cafc58eb5a0f61ef642e3ff0_NeikiAnalytics.exe

    • Size

      3.7MB

    • MD5

      4ad0f829cafc58eb5a0f61ef642e3ff0

    • SHA1

      cacabb7ef42a0d57b7f2545f85cfe4ae10602863

    • SHA256

      3a8e0ad1aef45078317e3475d62fd8af84d50ebd58a5999eb56fec238039daf9

    • SHA512

      39e8e70659deb347084ba5ac74d79a6c731da5c5b0f072a0bf2c45076e8e861b60505af293fdc96e818b348bddd24c75f92e74929f3a5229efd905b0e819bac6

    • SSDEEP

      98304:81UDBqkepq5aOd2h3rirfXzjvLbMgutSMXps:8gBqpqokSOrfXzdaSMXK

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks