b5d3645ffca53830aa52b36b6486ba07bfd6b9764a478b1a6539f32731c869e2 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

45ab27b782...cs.exe

windows7-x64

8

45ab27b782...cs.exe

windows10-2004-x64

8

Sharing

General

Target

45ab27b7822125bd7860bb3b48db4580_NeikiAnalytics.exe
Size

74KB
Sample

240526-bg8xvshh42
MD5

45ab27b7822125bd7860bb3b48db4580
SHA1

8ad9961ad7c48aa92a310161cfcf141bf0ae4b54
SHA256

b5d3645ffca53830aa52b36b6486ba07bfd6b9764a478b1a6539f32731c869e2
SHA512

9d52a7035ee4f39f6f10f2ecd7fb7c631ee39c0099d5b66620f4f3c56a1971657f56fe79edf89e50e6f9e7a8cd27de0d53234835831c930dfb2cbe092e4bfafb
SSDEEP

1536:6LxJJlguY/NbvWU2VkWlVvtlqDyKJR40AEEo:cc/R+U23vtlPR0p

Score

8^/10

bootkit persistence spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

45ab27b7822125bd7860bb3b48db4580_NeikiAnalytics.exe

Resource

win7-20240221-en

bootkit persistence spyware stealer upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

45ab27b7822125bd7860bb3b48db4580_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

bootkit persistence spyware stealer upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  45ab27b7822125bd7860bb3b48db4580_NeikiAnalytics.exe
- Size
  
  74KB
- MD5
  
  45ab27b7822125bd7860bb3b48db4580
- SHA1
  
  8ad9961ad7c48aa92a310161cfcf141bf0ae4b54
- SHA256
  
  b5d3645ffca53830aa52b36b6486ba07bfd6b9764a478b1a6539f32731c869e2
- SHA512
  
  9d52a7035ee4f39f6f10f2ecd7fb7c631ee39c0099d5b66620f4f3c56a1971657f56fe79edf89e50e6f9e7a8cd27de0d53234835831c930dfb2cbe092e4bfafb
- SSDEEP
  
  1536:6LxJJlguY/NbvWU2VkWlVvtlqDyKJR40AEEo:cc/R+U23vtlPR0p
Score

8^/10

bootkit persistence spyware stealer upx
- Blocklisted process makes network request
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistencespywarestealerupx

behavioral2

bootkitpersistencespywarestealerupx

© 2018-2024

Terms | Privacy