Overview

overview

9

Static

static

9

fe0354cca3...cs.exe

windows7-x64

9

fe0354cca3...cs.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fe0354cca32b8dd29358acc6f94c4300_NeikiAnalytics.exe

  • Size

    156KB

  • Sample

    240525-rv7jysgb99

  • MD5

    fe0354cca32b8dd29358acc6f94c4300

  • SHA1

    a89fc308dcc6476abc2beca8616fc85171b3bcb3

  • SHA256

    23c737d0795cc4b929720ba54e9906819301f33c9a8a00292a4c019d5928b0ab

  • SHA512

    f5c50f46efe42783623c014fd259605889dfe352c5b44e053baf6296766e1364b54d6d2d01235a9b77e0bc9088eca8991bea91242e86b6246c3d5b6d7ae42f65

  • SSDEEP

    3072:QJ8CRzqUp49aFi3h1zaqi3uO/hQJ7P2HN7/sU:9Cxq9U03hxNkuEhQJ7+x/s

Score
9/10
cryptonepackerpersistence

Malware Config

Targets

    • Target

      fe0354cca32b8dd29358acc6f94c4300_NeikiAnalytics.exe

    • Size

      156KB

    • MD5

      fe0354cca32b8dd29358acc6f94c4300

    • SHA1

      a89fc308dcc6476abc2beca8616fc85171b3bcb3

    • SHA256

      23c737d0795cc4b929720ba54e9906819301f33c9a8a00292a4c019d5928b0ab

    • SHA512

      f5c50f46efe42783623c014fd259605889dfe352c5b44e053baf6296766e1364b54d6d2d01235a9b77e0bc9088eca8991bea91242e86b6246c3d5b6d7ae42f65

    • SSDEEP

      3072:QJ8CRzqUp49aFi3h1zaqi3uO/hQJ7P2HN7/sU:9Cxq9U03hxNkuEhQJ7+x/s

    Score
    9/10
    cryptonepackerpersistence

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

      cryptonepacker

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks