General
-
Target
9b1d72ad3e9aea2742d3f952f7649ee0_NeikiAnalytics.exe
-
Size
204KB
-
Sample
240525-dgzqascd52
-
MD5
9b1d72ad3e9aea2742d3f952f7649ee0
-
SHA1
ae9a682bd00d3cc4f20e48e21e9372b458d139bd
-
SHA256
afcb02001cc9bb7e6ce8de22255503646f108594bc8dc5f5e7be00864f97c0af
-
SHA512
300824b7b1cc3bec42e93b10f9decd6da2b35b1dedff092b100e214869e33c2532a301a1a61f4c008bbc3344ec18e15b13d42b7e5017b8b8a3bb4318e8a1395c
-
SSDEEP
3072:38ZBkYna9EGOeO4OZcHbLleqeASKTkgvt5rUlIipnljzNgV6:yBkYa9r64ccDpXrmIiplvN
Malware Config
Targets
-
-
Target
9b1d72ad3e9aea2742d3f952f7649ee0_NeikiAnalytics.exe
-
Size
204KB
-
MD5
9b1d72ad3e9aea2742d3f952f7649ee0
-
SHA1
ae9a682bd00d3cc4f20e48e21e9372b458d139bd
-
SHA256
afcb02001cc9bb7e6ce8de22255503646f108594bc8dc5f5e7be00864f97c0af
-
SHA512
300824b7b1cc3bec42e93b10f9decd6da2b35b1dedff092b100e214869e33c2532a301a1a61f4c008bbc3344ec18e15b13d42b7e5017b8b8a3bb4318e8a1395c
-
SSDEEP
3072:38ZBkYna9EGOeO4OZcHbLleqeASKTkgvt5rUlIipnljzNgV6:yBkYa9r64ccDpXrmIiplvN
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (57) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1