General
Target: 085824b451f842390ecdf261ececcd40_NeikiAnalytics.cab
Size: 93KB
Sample: 240525-w6g6nadf2y
MD5: 085824b451f842390ecdf261ececcd40
SHA1: 9196c2ce300cafc293f827c6cebe018568a6947e
SHA256: bf6022dbfb93e276acd1643baa13109abd22783fade76a064e803c42a3676c94
SHA512: 1f13e0bc0926b3badd697210835f3032ba03e1c713f75fd1dfc4cc483a7fceef5cc59ba00763880d013a1790cdbf224eb5d1d2c11ad5e53b4dbaf3ee4ebd01a2
SSDEEP: 1536:KwxZoE1uLDI7oPYu0if4uuWvXB9QRO96hCKPgV9Fzw+CBXVDblKtWy:KwflmDgAYu004LGyRO9bK49Fzw+CBXVK
Behavioral task: behavioral1
Sample: updater.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: updater.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: updaterExe.exe
Resource: win7-20240508-en
Malware Config
Extracted: stealc
Extracted: vidar
  https://steamcommunity.com/profiles/76561199686524322
  https://t.me/k0mono
  user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 Ddg/17.4.1
Targets

Target: updater
Size: 200KB
MD5: d2fa3945b18f3eaa24c48a098c50046c
SHA1: d778764a4d298798cf3574a2d4153d1cadafc467
SHA256: f5c65dbdb865afffc21031f9a90afe428acffd387ff12554fcc096701a0b8d11
SHA512: 3fa9a946d837148dae450b0238004c83d630fd5ea7431b43635c4f1dc38c546f5822dc08c294010ccbd45559ba618fd516e32b515fb6565c18e81167060c864a
SSDEEP: 3072:Ef8yYNF9ex7nLydc8NwEfgjp9yuzKrDFU+XC3bXM/1WXBQ:E8yQF9QaOtnVzEm+SbWWXG
Signatures:
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: updaterExe
Size: 200KB
MD5: d2fa3945b18f3eaa24c48a098c50046c
SHA1: d778764a4d298798cf3574a2d4153d1cadafc467
SHA256: f5c65dbdb865afffc21031f9a90afe428acffd387ff12554fcc096701a0b8d11
SHA512: 3fa9a946d837148dae450b0238004c83d630fd5ea7431b43635c4f1dc38c546f5822dc08c294010ccbd45559ba618fd516e32b515fb6565c18e81167060c864a
SSDEEP: 3072:Ef8yYNF9ex7nLydc8NwEfgjp9yuzKrDFU+XC3bXM/1WXBQ:E8yQF9QaOtnVzEm+SbWWXG
Signatures:
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.