Overview

overview

7

Static

static

3

6e8f4759fa...cs.exe

windows7-x64

7

6e8f4759fa...cs.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6e8f4759faf934b3cc85b1e1517369e0_NeikiAnalytics.exe

  • Size

    12KB

  • Sample

    240523-bzdjnsha62

  • MD5

    6e8f4759faf934b3cc85b1e1517369e0

  • SHA1

    031296e8c3b1968e9e55740390068e66eacf7c48

  • SHA256

    d4d4a937354eabc147fe88e8c7b27280363dc1935cd69b2bab2e9f128c2de391

  • SHA512

    15a4af2c0f0699cc6c32a6428128524f28d0d1e8c346bb7090c19685beb58b12f9b5563125e96321904255a6886cd50358e47fc1ae20926dc08dc94bb9fba865

  • SSDEEP

    384:dL7li/2zzq2DcEQvdQcJKLTp/NK9xajM:NXMCQ9cjM

Score
7/10

Malware Config

Targets

    • Target

      6e8f4759faf934b3cc85b1e1517369e0_NeikiAnalytics.exe

    • Size

      12KB

    • MD5

      6e8f4759faf934b3cc85b1e1517369e0

    • SHA1

      031296e8c3b1968e9e55740390068e66eacf7c48

    • SHA256

      d4d4a937354eabc147fe88e8c7b27280363dc1935cd69b2bab2e9f128c2de391

    • SHA512

      15a4af2c0f0699cc6c32a6428128524f28d0d1e8c346bb7090c19685beb58b12f9b5563125e96321904255a6886cd50358e47fc1ae20926dc08dc94bb9fba865

    • SSDEEP

      384:dL7li/2zzq2DcEQvdQcJKLTp/NK9xajM:NXMCQ9cjM

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks