d440ce4fa656096a27ad1d58d0c27fc4a2149b866c4bbbef7c3a3b55f9b7a603 | Triage

Sharing

General

Target

65a11d624e0f955ef19f890204dea2f0_NeikiAnalytics.exe
Size

229KB
Sample

240526-e2clyaeh3w
MD5

65a11d624e0f955ef19f890204dea2f0
SHA1

405c87fbdea547507b9b84347f7263395371f499
SHA256

d440ce4fa656096a27ad1d58d0c27fc4a2149b866c4bbbef7c3a3b55f9b7a603
SHA512

1aef2d9f54db118d7d3c2dc7f75e48a384778e2d723fbc1969a625664e7b8059218ae4274ab4cb40052af20c15d20c15a28b05f40c2f4569b5938af679e9cc6f
SSDEEP

3072:tVFgCc4xGvbwcU9KQ2BBAHmaPx8VoKb5Ef:GCc4xGxWKQ2Bonxn

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost12.com
Port:
21
Username:
b12_8082975
Password:
951753zx

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  65a11d624e0f955ef19f890204dea2f0_NeikiAnalytics.exe
- Size
  
  229KB
- MD5
  
  65a11d624e0f955ef19f890204dea2f0
- SHA1
  
  405c87fbdea547507b9b84347f7263395371f499
- SHA256
  
  d440ce4fa656096a27ad1d58d0c27fc4a2149b866c4bbbef7c3a3b55f9b7a603
- SHA512
  
  1aef2d9f54db118d7d3c2dc7f75e48a384778e2d723fbc1969a625664e7b8059218ae4274ab4cb40052af20c15d20c15a28b05f40c2f4569b5938af679e9cc6f
- SSDEEP
  
  3072:tVFgCc4xGvbwcU9KQ2BBAHmaPx8VoKb5Ef:GCc4xGxWKQ2Bonxn
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2