General
-
Target
9a15ac57d16bb8cba1b5a0731780e940_NeikiAnalytics.exe
-
Size
93KB
-
Sample
240523-jelcsahf6w
-
MD5
9a15ac57d16bb8cba1b5a0731780e940
-
SHA1
fbbfdf736203849ad15def2ffb9ec7311bfce0ba
-
SHA256
9cf7b04630be1e77b8863ef63097d507cb6620415f2731bafe18cc3932cdfb08
-
SHA512
29551c4f8b9891ddf3343c0ca51e3436d479b673b5ed161c6c5dcba5fdd27d5de8fb90fcbaaf5095a4e237a68fc83d4814717508fef03bbbc86b63b90c2afb5a
-
SSDEEP
768:JY3XyhhWXxyFcxovUKUJuROprXtwNzeYhYbmXxrjEtCdnl2pi1Rz4Rk3bsGdppgM:AyvWhIUKcuOJgPhBjEwzGi1dDnDpgS
Behavioral task
behavioral1
Sample
9a15ac57d16bb8cba1b5a0731780e940_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
9a15ac57d16bb8cba1b5a0731780e940_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
njrat
0.7d
Yandeks
hakim32.ddns.net:2000
6.tcp.eu.ngrok.io:15716
744fb76941137f6287af971d54032263
-
reg_key
744fb76941137f6287af971d54032263
-
splitter
|'|'|
Targets
-
-
Target
9a15ac57d16bb8cba1b5a0731780e940_NeikiAnalytics.exe
-
Size
93KB
-
MD5
9a15ac57d16bb8cba1b5a0731780e940
-
SHA1
fbbfdf736203849ad15def2ffb9ec7311bfce0ba
-
SHA256
9cf7b04630be1e77b8863ef63097d507cb6620415f2731bafe18cc3932cdfb08
-
SHA512
29551c4f8b9891ddf3343c0ca51e3436d479b673b5ed161c6c5dcba5fdd27d5de8fb90fcbaaf5095a4e237a68fc83d4814717508fef03bbbc86b63b90c2afb5a
-
SSDEEP
768:JY3XyhhWXxyFcxovUKUJuROprXtwNzeYhYbmXxrjEtCdnl2pi1Rz4Rk3bsGdppgM:AyvWhIUKcuOJgPhBjEwzGi1dDnDpgS
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-