General
-
Target
21e543eae5a76d0be3ab84f7b30ff2a0_NeikiAnalytics.exe
-
Size
222KB
-
Sample
240525-1es63abf78
-
MD5
21e543eae5a76d0be3ab84f7b30ff2a0
-
SHA1
f7951904999341a375f74c4eadc76ed394cc5893
-
SHA256
2140bf201bbf0880c4ebef23a347e73aa57ba394ee8ae7b0980b90e0d866237c
-
SHA512
35972e35d6a7f108b8d2e8a278e605279228bca7bbf9e76785a67fb587efbe9d19ae492a380c2ddb668227bea14bc05edc843af61c819bd0780581fc31847833
-
SSDEEP
3072:osXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRmyw:JR5IuMQoseGk7RZBGxAycKpSPX2Nw
Static task
static1
Behavioral task
behavioral1
Sample
21e543eae5a76d0be3ab84f7b30ff2a0_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
21e543eae5a76d0be3ab84f7b30ff2a0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
21e543eae5a76d0be3ab84f7b30ff2a0_NeikiAnalytics.exe
-
Size
222KB
-
MD5
21e543eae5a76d0be3ab84f7b30ff2a0
-
SHA1
f7951904999341a375f74c4eadc76ed394cc5893
-
SHA256
2140bf201bbf0880c4ebef23a347e73aa57ba394ee8ae7b0980b90e0d866237c
-
SHA512
35972e35d6a7f108b8d2e8a278e605279228bca7bbf9e76785a67fb587efbe9d19ae492a380c2ddb668227bea14bc05edc843af61c819bd0780581fc31847833
-
SSDEEP
3072:osXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRmyw:JR5IuMQoseGk7RZBGxAycKpSPX2Nw
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1