General

  • Target

    4f5f44468e67b7a7beb26ca48afe43e0_NeikiAnalytics.exe

  • Size

    36KB

  • Sample

    240522-2nzwmsbg71

  • MD5

    4f5f44468e67b7a7beb26ca48afe43e0

  • SHA1

    92698a420bfbefc3fd6de58e29a7bc055c85a939

  • SHA256

    2a53717272c2133a69ee90bbf084d1b3acbdd5d88bd108a75f7bc9cb65f95f51

  • SHA512

    9dcb92676d559e97162542ed6c2f5def54fa29fe37684ac6943d4fbcd6c0fb31b2e323d2a5c7794353e0ae9eebb6dd4cb35a6ae4b712db01d34250e694dafa29

  • SSDEEP

    768:9qSqC8+N5ozQQqncwxWmNXMX3cX8wtgg/X/zCtgcgCEX8u/vSXrXrXrXrXrXyu1S:9rqfzQQqamN88Fr277777RQ

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks