General

  • Target

    56afdf0ac31940c30a3cdf4dd10324e0_NeikiAnalytics.exe

  • Size

    504KB

  • Sample

    240526-ddjjxadb29

  • MD5

    56afdf0ac31940c30a3cdf4dd10324e0

  • SHA1

    9c8d401d2dd647ae4228c418749191abab598b39

  • SHA256

    3886ce946dac975c6341f5c2c87bd8d46cb12881507dbb07df50ce4c20b3e071

  • SHA512

    cb66d1641ec39e20ad07310641a771059f53b99aa1e5d5a34d9f3b96129f94f5e1b910a133cc222cc546712887ca4be5f3ce254a18a77a6b6da69c4a863d5021

  • SSDEEP

    12288:tPmTkT0+nXTv1d5Jo/H4a6ZeUOHFVS9Qg:Vmo4IXhd81rS

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks