General

  • Target

    adc1d7cbafe73731fdc5be733e7ba1c0_NeikiAnalytics.exe

  • Size

    6.2MB

  • Sample

    240523-vyvw4sad82

  • MD5

    adc1d7cbafe73731fdc5be733e7ba1c0

  • SHA1

    ba836a6e4d35e54b2895b70bfa9a4f42005765a0

  • SHA256

    5144b09d6428d739417301dc7ff8f0a054ecb6011aa03ff38477c8d9b95836f2

  • SHA512

    70c15e4126a1159f95740fe61a00e7380feace00c5ac6cc1273f99894e0cda2e4ed76b5c42ac15bce103c2ea88f0843324aae58af195c19afac79be08fcef5b5

  • SSDEEP

    196608:91OJf8n+rEw3ZdoYMBBu6HEJl935Ng7CazhGQ94oO8:3O18nY3jMBY6HEF35NIxMkT

Malware Config

Targets

    • Target

      adc1d7cbafe73731fdc5be733e7ba1c0_NeikiAnalytics.exe

    • Modifies Windows Defender Real-time Protection settings

    • Windows security bypass

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks