General

  • Target

    21e543eae5a76d0be3ab84f7b30ff2a0_NeikiAnalytics.exe

  • Size

    222KB

  • Sample

    240525-1es63abf78

  • MD5

    21e543eae5a76d0be3ab84f7b30ff2a0

  • SHA1

    f7951904999341a375f74c4eadc76ed394cc5893

  • SHA256

    2140bf201bbf0880c4ebef23a347e73aa57ba394ee8ae7b0980b90e0d866237c

  • SHA512

    35972e35d6a7f108b8d2e8a278e605279228bca7bbf9e76785a67fb587efbe9d19ae492a380c2ddb668227bea14bc05edc843af61c819bd0780581fc31847833

  • SSDEEP

    3072:osXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRmyw:JR5IuMQoseGk7RZBGxAycKpSPX2Nw

Malware Config

Targets

    • Target

      21e543eae5a76d0be3ab84f7b30ff2a0_NeikiAnalytics.exe

    • Size

      222KB

    • MD5

      21e543eae5a76d0be3ab84f7b30ff2a0

    • SHA1

      f7951904999341a375f74c4eadc76ed394cc5893

    • SHA256

      2140bf201bbf0880c4ebef23a347e73aa57ba394ee8ae7b0980b90e0d866237c

    • SHA512

      35972e35d6a7f108b8d2e8a278e605279228bca7bbf9e76785a67fb587efbe9d19ae492a380c2ddb668227bea14bc05edc843af61c819bd0780581fc31847833

    • SSDEEP

      3072:osXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRmyw:JR5IuMQoseGk7RZBGxAycKpSPX2Nw

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks