General

Target: a26d601ea8487164056352428db401e0_NeikiAnalytics.exe
Size: 7.4MB
Sample: 240524-emb2vsce26
MD5: a26d601ea8487164056352428db401e0
SHA1: 95c53a2cae1cf3a118181c6a203ef2300bd5f648
SHA256: c844eebd0871b96ea7b7e3d40f55b4876a48eb4906bf068e738588327f610c1e
SHA512: 9c3c776547c59f09acfef3bf1283f7de496997387520411157e033b0cfeacb4f07d888840e0e5c8457a1eb15810aee48dc58b0a5b420bccf974786ef62c11440
SSDEEP: 196608:fhnRPnOpjuDfyGgJwBdnpkYRM+8LHdkQ:brDfDgJc69B
Behavioral task: behavioral1
Sample: a26d601ea8487164056352428db401e0_NeikiAnalytics.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: a26d601ea8487164056352428db401e0_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
Malware Config

Extracted: https://www.python.org/ftp/python/3.11.0/python-3.11.0-amd64.exe
Targets

Target: a26d601ea8487164056352428db401e0_NeikiAnalytics.exe
Score: 10/10

- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)

Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Registry (1)