General
Target: 7b11d3a409d82e3baebc1fa602924580_NeikiAnalytics.exe
Size: 260KB
Sample: 240526-g3z5qsae89
MD5: 7b11d3a409d82e3baebc1fa602924580
SHA1: 8a08c4ac614f73b6e83eb650eef5adeb7a35176b
SHA256: a76cff293fa972fdfda6e86dbd906a5698870c82ba7cd1ec89cbd91dccf57d5f
SHA512: 9c494b1c546eb02cfabebe11f3e5c5b67679fec9850919014e20e38c3b1b688dd4006b4dcd6d7a706670bb989e1c9a375adc074d9ede37fa641bddd0ce8f47c0
SSDEEP: 6144:HhJkmMlGAzciA4nhT5ai7Ohk/0BFen/xmf:HhJEQloHOXM4f
Static task: static1
Behavioral task: behavioral1
  Sample: 7b11d3a409d82e3baebc1fa602924580_NeikiAnalytics.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 7b11d3a409d82e3baebc1fa602924580_NeikiAnalytics.dll
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 7b11d3a409d82e3baebc1fa602924580_NeikiAnalytics.exe
Score: 8/10
Blocklisted process makes network request
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Pre-OS Boot: 1
    Bootkit: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1