General
-
Target
4c36a165992509e1448a23aa71989160_NeikiAnalytics.exe
-
Size
130KB
-
Sample
240524-gp7yesfg89
-
MD5
4c36a165992509e1448a23aa71989160
-
SHA1
34fada5c7983eabdc2f8f7d190a66c5cce08330d
-
SHA256
958bab74ae1391abb9378081027d5651dc7974ee908ebc1b8fa4d2bb5964e32e
-
SHA512
4cbb8bb2c2a426bcd03ff205370e66655d29211c446a7eaf9926395ffd9ea511f88c0390f0f23154a0372e52330e8c600a6841c110aef753a2749edf35b06d0f
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmo:SKQJcinxphkG5Q6GdpIOkJHhKRyOXK
Behavioral task
behavioral1
Sample
4c36a165992509e1448a23aa71989160_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4c36a165992509e1448a23aa71989160_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
4c36a165992509e1448a23aa71989160_NeikiAnalytics.exe
-
Size
130KB
-
MD5
4c36a165992509e1448a23aa71989160
-
SHA1
34fada5c7983eabdc2f8f7d190a66c5cce08330d
-
SHA256
958bab74ae1391abb9378081027d5651dc7974ee908ebc1b8fa4d2bb5964e32e
-
SHA512
4cbb8bb2c2a426bcd03ff205370e66655d29211c446a7eaf9926395ffd9ea511f88c0390f0f23154a0372e52330e8c600a6841c110aef753a2749edf35b06d0f
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmo:SKQJcinxphkG5Q6GdpIOkJHhKRyOXK
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-