General
-
Target
7f95cf32a59866c35a58d6f539fbbc20_NeikiAnalytics.exe
-
Size
235KB
-
Sample
240523-xr9g2acg5s
-
MD5
7f95cf32a59866c35a58d6f539fbbc20
-
SHA1
c960424a29b594006b9b0486a20f2557c5572396
-
SHA256
1205b73473f33d45d4f89d60ec8e6e1ae6e05446f52ac4f0149e3f26fdb52d96
-
SHA512
8f87e3a30da21ae858cf5a676f6c6cc908a581bd552b9f86a2c2f15f0f4dd53413aed30fd2dd92979fe15209ed12f8a82acc9a8c687c1436ac5a34bc435ba994
-
SSDEEP
6144:IFMgyAI9DHBEwWGD+o/uWhxwkJxu9SJ3CCYxSn6tou:LgyAI9DHBEwjT/rHxu4Yg6to
Malware Config
Targets
-
-
Target
7f95cf32a59866c35a58d6f539fbbc20_NeikiAnalytics.exe
-
Size
235KB
-
MD5
7f95cf32a59866c35a58d6f539fbbc20
-
SHA1
c960424a29b594006b9b0486a20f2557c5572396
-
SHA256
1205b73473f33d45d4f89d60ec8e6e1ae6e05446f52ac4f0149e3f26fdb52d96
-
SHA512
8f87e3a30da21ae858cf5a676f6c6cc908a581bd552b9f86a2c2f15f0f4dd53413aed30fd2dd92979fe15209ed12f8a82acc9a8c687c1436ac5a34bc435ba994
-
SSDEEP
6144:IFMgyAI9DHBEwWGD+o/uWhxwkJxu9SJ3CCYxSn6tou:LgyAI9DHBEwjT/rHxu4Yg6to
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (58) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1