General
-
Target
19eaa32a799fa546a8d7c965635f0f20_NeikiAnalytics.exe
-
Size
196KB
-
Sample
240523-g8ee8agc83
-
MD5
19eaa32a799fa546a8d7c965635f0f20
-
SHA1
fe03b7024762a411ca4ad58646dcc2d9ec529d88
-
SHA256
0d363d8455514c13834e4a7e97f457930cbdfc009106239d75cbbec130985fac
-
SHA512
57e3738ab88bf12546d872d383e33a5af5e98eb46b0af31e21380b7dfa99003da58683b2fb2b430bb97457b6c5e43c52bb930304d3eb08f8181cc7cff3aba4cd
-
SSDEEP
3072:Q3OHRcho84LJYsDcXvm191q0rbFlvWlodPaBoMbM:Q3Oxz84LmsIg11rbzuvBoMbM
Malware Config
Targets
-
-
Target
19eaa32a799fa546a8d7c965635f0f20_NeikiAnalytics.exe
-
Size
196KB
-
MD5
19eaa32a799fa546a8d7c965635f0f20
-
SHA1
fe03b7024762a411ca4ad58646dcc2d9ec529d88
-
SHA256
0d363d8455514c13834e4a7e97f457930cbdfc009106239d75cbbec130985fac
-
SHA512
57e3738ab88bf12546d872d383e33a5af5e98eb46b0af31e21380b7dfa99003da58683b2fb2b430bb97457b6c5e43c52bb930304d3eb08f8181cc7cff3aba4cd
-
SSDEEP
3072:Q3OHRcho84LJYsDcXvm191q0rbFlvWlodPaBoMbM:Q3Oxz84LmsIg11rbzuvBoMbM
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (65) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1