General

  • Target

    6389b3c3e4c62fbe1335f91ad2ea1000_NeikiAnalytics.exe

  • Size

    440KB

  • Sample

    240523-ayrt8sfb72

  • MD5

    6389b3c3e4c62fbe1335f91ad2ea1000

  • SHA1

    f33d1f8fb8e5cbea7ade4b291f4e6a2eb1ce62a1

  • SHA256

    a2c4f3c0be9b1aa77584a8baee1c6c2e80f61a14c98f30c584319e05f15ab508

  • SHA512

    156ee36993ad5ad92b5b1fa38e5f6aa2544c015769ea1240082f98de744d7ce9842b49825c6bc750bcc7b252cbf605c6eb019cf68e552b4ff4ba6f07881e8bfb

  • SSDEEP

    3072:953mQkJtnP5I09qgmBBAWgjSvwF97Ghm94b:rmxJtna2qgmBNgQwCr

Score
10/10
upx

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      6389b3c3e4c62fbe1335f91ad2ea1000_NeikiAnalytics.exe

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15