88f068f27f9a49cc62485d232b0d24ea46b0b363a9645f15c98b2d12a251cc1e | Triage

Sharing

General

Target

756d0566a907d1a6bbbc0598147137e0_NeikiAnalytics.exe
Size

53KB
Sample

240523-cnwrjsad26
MD5

756d0566a907d1a6bbbc0598147137e0
SHA1

216e975ca96dac997b13e66a2781161177920ea0
SHA256

88f068f27f9a49cc62485d232b0d24ea46b0b363a9645f15c98b2d12a251cc1e
SHA512

450179140aaa14d82d46c977f6186e7a21a040a7f13e80f732006de556a4f071577c0d1cfe3fdf016dbd4bcfaa619ec5c2dd51484d0942a3bc527d7816d10f80
SSDEEP

1536:vNkg8r8Q7PkT+7Kp3StjEMjmLM3ztDJWZsXy4JzxPMk:YPkCJJjmLM3zRJWZsXy4JN

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  756d0566a907d1a6bbbc0598147137e0_NeikiAnalytics.exe
- Size
  
  53KB
- MD5
  
  756d0566a907d1a6bbbc0598147137e0
- SHA1
  
  216e975ca96dac997b13e66a2781161177920ea0
- SHA256
  
  88f068f27f9a49cc62485d232b0d24ea46b0b363a9645f15c98b2d12a251cc1e
- SHA512
  
  450179140aaa14d82d46c977f6186e7a21a040a7f13e80f732006de556a4f071577c0d1cfe3fdf016dbd4bcfaa619ec5c2dd51484d0942a3bc527d7816d10f80
- SSDEEP
  
  1536:vNkg8r8Q7PkT+7Kp3StjEMjmLM3ztDJWZsXy4JzxPMk:YPkCJJjmLM3zRJWZsXy4JN
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence