General
- Target: a2fb690d89b5c3ff4334c8ab0ee84e30_NeikiAnalytics.exe
- Size: 567KB
- Sample: 240524-epf4lace7w
- MD5: a2fb690d89b5c3ff4334c8ab0ee84e30
- SHA1: 9690ccf235c1e896917d76eff4f0b74c3135311f
- SHA256: 62f034ee0d6abec9fc8f462a277836cefcf340842c0f97e42db1fe46e7081e2c
- SHA512: 455b54130efbcd39a1aaccd2cda06a991241498965e7752073a348f8b92c8b80c964eb3e493751f6a865db2105399044d8613eef26fd34b28fc27e49a86353b0
- SSDEEP: 12288:ALVkhU8/+BWnVkouhKz0gN7dH4YnXa0pux9rCn8fEdHs5xSA:ALWL+wVkf80NsaOux9WnKQA
Behavioral task: behavioral1
- Sample: a2fb690d89b5c3ff4334c8ab0ee84e30_NeikiAnalytics.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: a2fb690d89b5c3ff4334c8ab0ee84e30_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
Malware Config
Extracted
- cybergate
- v1.02.1
- Lammer
- telsec.no-ip.org:100
- Pluguin
- enable_keylogger: true
- enable_message_box: true
- ftp_directory: ./
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: Microsoft
- install_file: Pluguin.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: compatibility error
- message_box_title: information
- password: 123
- regkey_hkcu: Avirnt
- regkey_hklm: Avgnt
Targets
- Target: a2fb690d89b5c3ff4334c8ab0ee84e30_NeikiAnalytics.exe
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext