General
Target: 478fb81cce4459148e6cf79a288f9d00_NeikiAnalytics.exe
Size: 2.3MB
Sample: 240525-mfbrhsdd7x
MD5: 478fb81cce4459148e6cf79a288f9d00
SHA1: 05f19409c76815460988a01f320e2913edda25de
SHA256: d3e2df95eb83d19ab9f0243fb41b13beaf540c5b857b2b3e07a9ffaa60f23706
SHA512: 3fcac557ebe3a907091458c7ac793c0b2406b337279e66f5ca0f7b5ecb0d6f1fe2bf5d1ef0dc060471e561e93174bb52d7e1df47ce1a7f6478b457463dac4d88
SSDEEP: 49152:+kmKhyq24kI3qebVad8mMCNTm70Ja4RS/wt+kkmmM18YNqyt:+kmKEqlkAbkmyTfRRLgXryqC
Static task: static1
Behavioral task: behavioral1
Sample: 478fb81cce4459148e6cf79a288f9d00_NeikiAnalytics.exe
Resource: win7-20231129-en

Malware Config
Extracted: risepro
147.45.47.126:58709
Targets
Target: 478fb81cce4459148e6cf79a288f9d00_NeikiAnalytics.exe (size and hashes as listed under General above)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger