General

  • Target

    f32311593d5a1f714570a7b91d9100e0_NeikiAnalytics.exe

  • Size

    455KB

  • Sample

    240525-hlvdlahh26

  • MD5

    f32311593d5a1f714570a7b91d9100e0

  • SHA1

    c343c18f3f208cf7719550fa4aaec1d77840e7da

  • SHA256

    d87963dfe40f497ee7d3d94e57cd5738ecc61f3cf843873133a6cbddb0a7b359

  • SHA512

    794b86df535b509b2bc442fb04475b8a113f7e568e8c9b5d9ffaa54ca7b9a71db84af163189ddd75175be84214571355bdd21becffc2b3c3b909a22ba10e6b5c

  • SSDEEP

    12288:WVEue/UNolyeWYB0kGZFdLagJdF0S/xPaG9:WVEuegLagJdF0S5PaG9

Malware Config

Targets

    • Target

      f32311593d5a1f714570a7b91d9100e0_NeikiAnalytics.exe

    • Size

      455KB

    • MD5

      f32311593d5a1f714570a7b91d9100e0

    • SHA1

      c343c18f3f208cf7719550fa4aaec1d77840e7da

    • SHA256

      d87963dfe40f497ee7d3d94e57cd5738ecc61f3cf843873133a6cbddb0a7b359

    • SHA512

      794b86df535b509b2bc442fb04475b8a113f7e568e8c9b5d9ffaa54ca7b9a71db84af163189ddd75175be84214571355bdd21becffc2b3c3b909a22ba10e6b5c

    • SSDEEP

      12288:WVEue/UNolyeWYB0kGZFdLagJdF0S/xPaG9:WVEuegLagJdF0S5PaG9

    • Renames multiple (220) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks