General

  • Target

    61b2172d7c2013c5f6d268a1bac4b6c0_NeikiAnalytics.exe

  • Size

    12KB

  • Sample

    240523-aqwhfseg77

  • MD5

    61b2172d7c2013c5f6d268a1bac4b6c0

  • SHA1

    33bd967012981a068865e822db79f3af27647d35

  • SHA256

    12cb2d23ee54c7bd2395832746c30c61c67de21b168a1e44e1d70552503d0bd9

  • SHA512

    dbf4bde991084736fbfe5a533a3e1501238f824b894202853079398203b9f47f4c8cb5dbba97e6555ce25f23d480ce2ae6448bd21e46eb21f97a396d778e5b2a

  • SSDEEP

    384:HL7li/2zYq2DcEQvdhcJKLTp/NK9xaHx:rsM/Q9cHx

Score
7/10

Targets

    • Target

      61b2172d7c2013c5f6d268a1bac4b6c0_NeikiAnalytics.exe

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scripting (T1064): 1

  • Defense Evasion

    Scripting (T1064): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2
