General

  • Target

    6ffb0ebe5e7db285cbc0a55c0a77d9b0_NeikiAnalytics.exe

  • Size

    12KB

  • Sample

    240523-b42r3aha8s

  • MD5

    6ffb0ebe5e7db285cbc0a55c0a77d9b0

  • SHA1

    2092ca285c99f6274196cf3cacf9b3fdb42c17df

  • SHA256

    3bff2b09b0b2a02cadebb840a8bb7435c5eab5fe85cfbc6c500185f2645e354e

  • SHA512

    7b82b35331644d7981d98e220f2d5e306b49b1b387103784a91237e42fd72a70e1c4607dbdb31856d4df659fe011d511711133dc7b2843cb7e44bc9d664778d0

  • SSDEEP

    384:tL7li/2zjq2DcEQvdQcJKLTp/NK9xazK:93MCQ9czK

Score
7/10

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scripting (T1064): 1

  • Defense Evasion

    Scripting (T1064): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2
