General
-
Target
5ede7f188f5353878c0e62808ce3e770_NeikiAnalytics.exe
-
Size
7.0MB
-
Sample
240523-afp8paed42
-
MD5
5ede7f188f5353878c0e62808ce3e770
-
SHA1
45304918cd64e289cdfbf9639f75d727e11f7762
-
SHA256
53b234f3e654f6f92e483116e611983d854fe9ea80e2ffe33ca78969a15c2b9e
-
SHA512
48bcbef48b95b920cf6723b623fd7de1ef9e5929577a67dc6d00906d793015bc954a88655cb0dc4e72d3f43663ec9ee8e0152f23a58def8c68827d4e4783f505
-
SSDEEP
98304:D0VImDH9VZ9LiH/aU0qblzBjnaZxUdtnWupousn:DADDp9L5QzBjnJdNlpPsn
Behavioral task
behavioral1
Sample
5ede7f188f5353878c0e62808ce3e770_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5ede7f188f5353878c0e62808ce3e770_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
5ede7f188f5353878c0e62808ce3e770_NeikiAnalytics.exe
-
Size
7.0MB
-
MD5
5ede7f188f5353878c0e62808ce3e770
-
SHA1
45304918cd64e289cdfbf9639f75d727e11f7762
-
SHA256
53b234f3e654f6f92e483116e611983d854fe9ea80e2ffe33ca78969a15c2b9e
-
SHA512
48bcbef48b95b920cf6723b623fd7de1ef9e5929577a67dc6d00906d793015bc954a88655cb0dc4e72d3f43663ec9ee8e0152f23a58def8c68827d4e4783f505
-
SSDEEP
98304:D0VImDH9VZ9LiH/aU0qblzBjnaZxUdtnWupousn:DADDp9L5QzBjnJdNlpPsn
Score10/10-
Modifies firewall policy service
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-