General
Target
238265888ac5a6b2f33c122d0657f4f0_NeikiAnalytics.exe
Size
142KB
Sample
240523-jdlbdshe72
MD5
238265888ac5a6b2f33c122d0657f4f0
SHA1
07e062b8de1716b5fbb0239956da1e3825b68f3c
SHA256
1949328e21492bd5664d52b585465a6dd2814f5a9d1268e5f0ab568841be1c72
SHA512
8201ea71ae12d6dc809eace4577c9d31a14786657439f439597169ff17b532adc57cfac5015e8df23f627d428e7aa47a72cc9ebc9040976b84e0958cf62f123f
SSDEEP
3072:BFQk3NG7xA4ViBKv4ePdmLcnLY0kOnRqsZYKFeZiOSOZpo6+fOas82:cy4YWldgcZkk5RFeZiOSapoXfs
Static task
static1
Behavioral task
behavioral1
Sample
238265888ac5a6b2f33c122d0657f4f0_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
238265888ac5a6b2f33c122d0657f4f0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
xworm
region-vip.gl.at.ply.gg:52733
Install_directory
%Temp%
install_file
explorer.exe
telegram
https://api.telegram.org/bot6976323003:AAGzNfsdTYlBPbGEbbSm--c7mAZ9PZzt9Xw/sendMessage?chat_id=5476035148
Targets
Target
238265888ac5a6b2f33c122d0657f4f0_NeikiAnalytics.exe
Score
10/10
Detect Xworm Payload
Nirsoft
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application