General
-
Target
58dd0927178cd126bf63ddb35ade7ab0_NeikiAnalytics.exe
-
Size
520KB
-
Sample
240522-3kdpnsdd34
-
MD5
58dd0927178cd126bf63ddb35ade7ab0
-
SHA1
a79f14733adf1db448fc34923d30008649968137
-
SHA256
d90f74202978c99a99988c2b32982e029eb4ace988110b03686d44a36b5d8aa0
-
SHA512
f7d9dafe70fa5020589e5bed3138695ae1d18bc9028972246eda745901e36d8bb6ab764759b51d870d5cce618993d3e585f25724970f75a5bcd98be0c83905c2
-
SSDEEP
12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXh:zW6ncoyqOp6IsTl/mXh
Malware Config
Targets
-
-
Target
58dd0927178cd126bf63ddb35ade7ab0_NeikiAnalytics.exe
-
Size
520KB
-
MD5
58dd0927178cd126bf63ddb35ade7ab0
-
SHA1
a79f14733adf1db448fc34923d30008649968137
-
SHA256
d90f74202978c99a99988c2b32982e029eb4ace988110b03686d44a36b5d8aa0
-
SHA512
f7d9dafe70fa5020589e5bed3138695ae1d18bc9028972246eda745901e36d8bb6ab764759b51d870d5cce618993d3e585f25724970f75a5bcd98be0c83905c2
-
SSDEEP
12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXh:zW6ncoyqOp6IsTl/mXh
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1