General
-
Target
4aacefe6e919b21f65c9771449df1310_NeikiAnalytics.exe
-
Size
115KB
-
Sample
240525-jq4y9sba3y
-
MD5
4aacefe6e919b21f65c9771449df1310
-
SHA1
8e4a63639e1669c0e4b443de0e78ccf27a671f01
-
SHA256
de8af7bf64fa9711ae099c56c0e6ab37ba95c0edd816cc814ba9111b0cc6577b
-
SHA512
fb8cba5c73282ad80ec5af613dbafbf7fea558e3a519f7ff9383c3ae33fb0006c1e54f6f898a155984f1b038d64df5083e1850ded5a4eda9bd9b3811cb4a5883
-
SSDEEP
3072:EagwS1Ut+KNPJI1F3Md55keTZwcM2I38QXy:vUGPJKF3Md55ZTZwz38QX
Malware Config
Targets
-
-
Target
4aacefe6e919b21f65c9771449df1310_NeikiAnalytics.exe
-
Size
115KB
-
MD5
4aacefe6e919b21f65c9771449df1310
-
SHA1
8e4a63639e1669c0e4b443de0e78ccf27a671f01
-
SHA256
de8af7bf64fa9711ae099c56c0e6ab37ba95c0edd816cc814ba9111b0cc6577b
-
SHA512
fb8cba5c73282ad80ec5af613dbafbf7fea558e3a519f7ff9383c3ae33fb0006c1e54f6f898a155984f1b038d64df5083e1850ded5a4eda9bd9b3811cb4a5883
-
SSDEEP
3072:EagwS1Ut+KNPJI1F3Md55keTZwcM2I38QXy:vUGPJKF3Md55ZTZwz38QX
Score8/10-
Blocklisted process makes network request
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1