General
Target: 9ba6c8b447887c9c7c6e3b82e0661470_NeikiAnalytics.exe
Size: 1.3MB
Sample: 240524-j3jtvsah47
MD5: 9ba6c8b447887c9c7c6e3b82e0661470
SHA1: efa9cfe63da2d3c469da776a148ad77277c0fd3b
SHA256: 060ef5806ef74cfe20503ff994d128c2529f8cd30f9c31f3d710e0e4d90e644b
SHA512: 3d81db5f0310813ac705c1de1b5138446b48043736ec816a9c9daa64c93675b05747e72523ac6ecd3aa91f004ef670e6f207f92b36632b69ba059c5f8e007a34
SSDEEP: 24576:Ku6J33O0c+JY5UZ+XC0kGso6Fa720W4njUprvVcC1f2o5RRfgUWYm:8u0c++OCvkGs9Fa+rd1f26RaYm
Behavioral task: behavioral1
Sample: 9ba6c8b447887c9c7c6e3b82e0661470_NeikiAnalytics.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 9ba6c8b447887c9c7c6e3b82e0661470_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: netwire
Hosts:
Wealthy2019.com.strangled.net:20190
wealthyme.ddns.net:20190
activex_autorun: false
copy_executable: true
delete_original: false
host_id: sunshineslisa
install_path: %AppData%\Imgburn\Host.exe
keylogger_dir: %AppData%\Logs\Imgburn\
lock_executable: false
offline_keylogger: true
password: sucess
registry_autorun: false
use_mutex: false

Extracted: warzonerat
Hosts:
wealth.warzonedns.com:5202
Targets
Target: 9ba6c8b447887c9c7c6e3b82e0661470_NeikiAnalytics.exe
Size: 1.3MB
MD5: 9ba6c8b447887c9c7c6e3b82e0661470
SHA1: efa9cfe63da2d3c469da776a148ad77277c0fd3b
SHA256: 060ef5806ef74cfe20503ff994d128c2529f8cd30f9c31f3d710e0e4d90e644b
SHA512: 3d81db5f0310813ac705c1de1b5138446b48043736ec816a9c9daa64c93675b05747e72523ac6ecd3aa91f004ef670e6f207f92b36632b69ba059c5f8e007a34
SSDEEP: 24576:Ku6J33O0c+JY5UZ+XC0kGso6Fa720W4njUprvVcC1f2o5RRfgUWYm:8u0c++OCvkGs9Fa+rd1f26RaYm
Score: 10/10

Signatures:
- NetWire RAT payload
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Warzone RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext