General

  • Target

    67b342125eaf54c5557c4f358dbcdf20_NeikiAnalytics.exe

  • Size

    75KB

  • Sample

    240523-bcat9sfh23

  • MD5

    67b342125eaf54c5557c4f358dbcdf20

  • SHA1

    98cab288c690a2ef126f4f0d84739f47924df87e

  • SHA256

    33e75770d8d403a4c9b4aaba6f7a1023bea2ddb762763cdc00fc4feb089772ad

  • SHA512

    97816c9766d113a64b241f00aec1aa5f6ea06e7a13b92520097c4f7b4b50b8cc28b9cb71e050ec516d13fddfd86722e3e0c7737a4632bdeadb6e57e71eb444d2

  • SSDEEP

    1536:Kx1Qja7luy6y0s4sqfkbnAKBOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3B:aOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPp

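Before trusting any of the behaviour below for a sample you hold, confirm it is the same file the report describes. The following is an added example (not part of the original report): it streams a file through the four digest algorithms listed above and compares the results to the report's values. The report hashes are copied from the General section; the default file name is the report's target name, and the path you pass is an assumption. SSDEEP is not in the standard library and is left out.

```python
"""Verify that a local sample matches the hashes published in the report.

Added example, not part of the original Triage report. The digests in
REPORTED are the ones listed on the page; the sample path is an assumption.
"""
import hashlib

# Hashes exactly as listed in the report's General section.
REPORTED = {
    "md5": "67b342125eaf54c5557c4f358dbcdf20",
    "sha1": "98cab288c690a2ef126f4f0d84739f47924df87e",
    "sha256": "33e75770d8d403a4c9b4aaba6f7a1023bea2ddb762763cdc00fc4feb089772ad",
    "sha512": "97816c9766d113a64b241f00aec1aa5f6ea06e7a13b92520097c4f7b4b50b8cc"
              "28b9cb71e050ec516d13fddfd86722e3e0c7737a4632bdeadb6e57e71eb444d2",
}


def hash_file(path, algorithms=("md5", "sha1", "sha256", "sha512"), chunk=1 << 20):
    """Return {algorithm: hexdigest} for the file, reading it in 1 MiB chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(observed, reported):
    """Compare observed digests to reported ones, case-insensitively.

    Returns {algorithm: True | False | None}; None means the report did not
    list that algorithm, so nothing could be checked for it.
    """
    result = {}
    for name, digest in observed.items():
        expected = reported.get(name)
        result[name] = None if expected is None else digest.lower() == expected.lower()
    return result


def verify_sample(path, reported=REPORTED):
    """Hash a file and return (all_checked_algorithms_matched, per_algorithm_results)."""
    results = compare_hashes(hash_file(path), reported)
    checked = [v for v in results.values() if v is not None]
    return bool(checked) and all(checked), results


if __name__ == "__main__":
    import sys
    # Assumed location: the report's target file name in the current directory.
    sample = sys.argv[1] if len(sys.argv) > 1 else "67b342125eaf54c5557c4f358dbcdf20_NeikiAnalytics.exe"
    ok, per_algo = verify_sample(sample)
    for name, matched in per_algo.items():
        print(f"{name:7s} {'match' if matched else 'MISMATCH'}")
    print("sample matches report" if ok else "sample does NOT match report")
```

A single mismatching digest is enough to treat the file as a different artefact; a renamed or re-packed copy will fail every algorithm at once, which is the usual sign that what you were handed is not what was sandboxed.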
Malware Config

Targets

    • Target

      67b342125eaf54c5557c4f358dbcdf20_NeikiAnalytics.exe

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect, a commercial packer/protector. Static analysis of the packed binary is unreliable; unpack or dump it from memory first.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read from the registry to detect sandbox or virtual-machine environments.

    • Drops file in System32 directory

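Several of the behaviours above are visible in ordinary endpoint telemetry. The following is an added example (not the report's or sandbox's own code): a small correlator that reads Sysmon-style events and raises the report's signature names for the behaviours that process, file-write and registry-write telemetry can show (file drops in System32 and its drivers directory, a Run key being set, and execution or loading of a file the process itself wrote earlier). The event records are constructed sample telemetry in a simplified Sysmon field layout; the dropped file names, paths and process IDs in them are illustrative placeholders, not observations from the sandbox run. Browser-data reads and drive enumeration are read operations that Sysmon does not log, so they are not covered.

```python
"""Correlate Sysmon-style events into the behaviours named in the report.

Added example, not part of the original report. SAMPLE_EVENTS is constructed
telemetry in a simplified Sysmon field layout; every path and PID in it is a
placeholder, not a value taken from the sandbox run.
"""
import json
import re

# Sysmon event IDs used below.
PROCESS_CREATE, IMAGE_LOAD, FILE_CREATE, REG_VALUE_SET = 1, 7, 11, 13

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
DRIVERS_DIR_RE = re.compile(r"\\Windows\\System32\\drivers\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\Windows\\System32\\", re.IGNORECASE)

# Constructed sample telemetry (JSON lines), in chronological order.
SAMPLE_EVENTS = r"""
{"EventID": 1, "ProcessId": 1200, "Image": "C:\\Users\\user\\Desktop\\67b342125eaf54c5557c4f358dbcdf20_NeikiAnalytics.exe"}
{"EventID": 11, "ProcessId": 1200, "Image": "C:\\Users\\user\\Desktop\\67b342125eaf54c5557c4f358dbcdf20_NeikiAnalytics.exe", "TargetFilename": "C:\\Windows\\System32\\drivers\\dropped.sys"}
{"EventID": 11, "ProcessId": 1200, "Image": "C:\\Users\\user\\Desktop\\67b342125eaf54c5557c4f358dbcdf20_NeikiAnalytics.exe", "TargetFilename": "C:\\Windows\\System32\\dropped.dll"}
{"EventID": 11, "ProcessId": 1200, "Image": "C:\\Users\\user\\Desktop\\67b342125eaf54c5557c4f358dbcdf20_NeikiAnalytics.exe", "TargetFilename": "C:\\Users\\user\\AppData\\Roaming\\dropped.exe"}
{"EventID": 13, "ProcessId": 1200, "Image": "C:\\Users\\user\\Desktop\\67b342125eaf54c5557c4f358dbcdf20_NeikiAnalytics.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped"}
{"EventID": 1, "ProcessId": 1300, "ParentProcessId": 1200, "Image": "C:\\Users\\user\\AppData\\Roaming\\dropped.exe"}
{"EventID": 7, "ProcessId": 1300, "Image": "C:\\Users\\user\\AppData\\Roaming\\dropped.exe", "ImageLoaded": "C:\\Windows\\System32\\dropped.dll"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events):
    """Return a list of (signature_name, detail) hits raised over the events.

    Events must be in chronological order: a file counts as "dropped" only
    from the moment a FILE_CREATE event for it has been seen.
    """
    dropped = set()  # lower-cased paths written by any monitored process
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == FILE_CREATE:
            target = ev.get("TargetFilename", "")
            dropped.add(target.lower())
            # drivers\ sits under System32\, so test the narrower path first
            # and report each drop once.
            if DRIVERS_DIR_RE.search(target):
                hits.append(("Drops file in Drivers directory", target))
            elif SYSTEM32_RE.search(target):
                hits.append(("Drops file in System32 directory", target))
        elif eid == REG_VALUE_SET and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(("Adds Run key to start application", ev["TargetObject"]))
        elif eid == PROCESS_CREATE and ev.get("Image", "").lower() in dropped:
            hits.append(("Executes dropped EXE", ev["Image"]))
        elif eid == IMAGE_LOAD and ev.get("ImageLoaded", "").lower() in dropped:
            hits.append(("Loads dropped DLL", ev["ImageLoaded"]))
    return hits


def signatures(events):
    """Distinct signature names raised over the events, sorted."""
    return sorted({name for name, _ in detect(events)})


if __name__ == "__main__":
    for name, detail in detect(parse_events(SAMPLE_EVENTS)):
        print(f"{name:40s} {detail}")
```

The "dropped" set is the piece worth keeping: on its own, a process start from AppData or a DLL load from System32 is noise, but execution or loading of a file the same host wrote moments earlier is what turns the individual drop, Run-key and execution events into the chain the report lists.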
MITRE ATT&CK Enterprise v15

Tasks