General
-
Target
bb7ecaeae84ec4f173682f7fd769b580_NeikiAnalytics.exe
-
Size
86KB
-
Sample
240525-hf9w4ahf58
-
MD5
bb7ecaeae84ec4f173682f7fd769b580
-
SHA1
54c17023549ffb14b2f063fee2ba7f07d83d077d
-
SHA256
59a21cd627ff5165e5f824ab4ba7a49d0ec34de577256b691eee9c5d0f0a750b
-
SHA512
629a69cb79530906a83950a9f1fb433008f9ec82f845622258f82bce86100f73006d4fac34051f5ac70def6fe76500941e18f62f3b99b57d5cf337fd33329318
-
SSDEEP
1536:1MIPgEm56wnbkKC2ZyBJU066lwLCRVEB+nR/y8cmNrEIviCOzuajkrDl9HNSj:11PgEOng1d66jRVa+n4NmNNouukrD7HI
Static task
static1
Behavioral task
behavioral1
Sample
bb7ecaeae84ec4f173682f7fd769b580_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bb7ecaeae84ec4f173682f7fd769b580_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
bb7ecaeae84ec4f173682f7fd769b580_NeikiAnalytics.exe
-
Score
8/10
-
Blocklisted process makes network request
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Pre-OS Boot (1)
Bootkit (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)