Overview

overview

7

Static

static

3

697cd49a14...cs.exe

windows7-x64

7

697cd49a14...cs.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

  • Size

    1.3MB

  • Sample

    240523-bhkxesfh41

  • MD5

    697cd49a145913a2518e703133972d70

  • SHA1

    967e67e3f6ec8a7c843a22e49dd5416503a2d6b3

  • SHA256

    97fe2996f274c8c30cded5b4103e7c6077e5fef5d3a9bbbe266a843db8e0bfa8

  • SHA512

    8b1370955997228b44d5782fe940a9a3cc10eb666894c1e7ae17f9af21108edc02a5d8e659a733ec346a63f189c6fecbd3ea741d00f00246c51a8b826424cd18

  • SSDEEP

    24576:lq8xfsY0Z4U/EDtH2cWfrUKCKRmcZi/nCJf5cXilRdmI0jMA6suRaTmv6LSc5G73:JE2UO92rUTQmcynufh3hmMA6V/iLc7Oo

Score
7/10
persistencespywarestealer

Malware Config

Targets

    • Target

      697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

    • Size

      1.3MB

    • MD5

      697cd49a145913a2518e703133972d70

    • SHA1

      967e67e3f6ec8a7c843a22e49dd5416503a2d6b3

    • SHA256

      97fe2996f274c8c30cded5b4103e7c6077e5fef5d3a9bbbe266a843db8e0bfa8

    • SHA512

      8b1370955997228b44d5782fe940a9a3cc10eb666894c1e7ae17f9af21108edc02a5d8e659a733ec346a63f189c6fecbd3ea741d00f00246c51a8b826424cd18

    • SSDEEP

      24576:lq8xfsY0Z4U/EDtH2cWfrUKCKRmcZi/nCJf5cXilRdmI0jMA6suRaTmv6LSc5G73:JE2UO92rUTQmcynufh3hmMA6V/iLc7Oo

    Score
    7/10
    persistencespywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks