0df1f2ab9fbe44cee953fbae00318f186bf33d71e3d7b75c95c7a0d7c3ba26e3 | Triage

Sharing

General

Target

6e5ba601b8835e7b987230b15fb90e70_NeikiAnalytics.exe
Size

2.9MB
Sample

240523-byz2aagg4x
MD5

6e5ba601b8835e7b987230b15fb90e70
SHA1

b3abc401a4a61ecab97a05fd22a3fb211240188c
SHA256

0df1f2ab9fbe44cee953fbae00318f186bf33d71e3d7b75c95c7a0d7c3ba26e3
SHA512

980be0d8d5f1d4e465e9082f6dd94894d5156ab068a05e205f0009f8771fc1e169cab6953cd151861cda98a162e7b8e68f3d9198f98797a60aa1997aa6e68058
SSDEEP

49152:cnsHyjtk2MYC5GDDpqzgwIoCnkxkV2a3Y2a17w:cnsmtk2aApqzgwjCnkxkV2AY317w

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  6e5ba601b8835e7b987230b15fb90e70_NeikiAnalytics.exe
- Size
  
  2.9MB
- MD5
  
  6e5ba601b8835e7b987230b15fb90e70
- SHA1
  
  b3abc401a4a61ecab97a05fd22a3fb211240188c
- SHA256
  
  0df1f2ab9fbe44cee953fbae00318f186bf33d71e3d7b75c95c7a0d7c3ba26e3
- SHA512
  
  980be0d8d5f1d4e465e9082f6dd94894d5156ab068a05e205f0009f8771fc1e169cab6953cd151861cda98a162e7b8e68f3d9198f98797a60aa1997aa6e68058
- SSDEEP
  
  49152:cnsHyjtk2MYC5GDDpqzgwIoCnkxkV2a3Y2a17w:cnsmtk2aApqzgwjCnkxkV2AY317w
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2