3b64169e6a93b7b14c4d3dd51cf7d05843ec0daf2de693400a62189c42ecd08d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c565d183d3af353759b63b848c71850_NeikiAnalytics.exe
Size

284KB
Sample

240525-xkap5aeg59
MD5

0c565d183d3af353759b63b848c71850
SHA1

1a16303df17c71fdf1bd42bcbc5f214ac6a0cc14
SHA256

3b64169e6a93b7b14c4d3dd51cf7d05843ec0daf2de693400a62189c42ecd08d
SHA512

74fc38b7adf22e7e09c453c966768d193a54892d2552ac511474dab66fc2657d6582d16dbabb3954f2027264ab9edb2b697eb0b903497518439509396ea8adcc
SSDEEP

3072:4MobR7ezAjLOZvmX1og5GWp1icKAArDZz4N9GhbkrNEkpk2Njt6AHCnkcyonv3PJ:deR7eammuqp0yN90QEWjtlCbPxqR/

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  0c565d183d3af353759b63b848c71850_NeikiAnalytics.exe
- Size
  
  284KB
- MD5
  
  0c565d183d3af353759b63b848c71850
- SHA1
  
  1a16303df17c71fdf1bd42bcbc5f214ac6a0cc14
- SHA256
  
  3b64169e6a93b7b14c4d3dd51cf7d05843ec0daf2de693400a62189c42ecd08d
- SHA512
  
  74fc38b7adf22e7e09c453c966768d193a54892d2552ac511474dab66fc2657d6582d16dbabb3954f2027264ab9edb2b697eb0b903497518439509396ea8adcc
- SSDEEP
  
  3072:4MobR7ezAjLOZvmX1og5GWp1icKAArDZz4N9GhbkrNEkpk2Njt6AHCnkcyonv3PJ:deR7eammuqp0yN90QEWjtlCbPxqR/
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1