General

  • Target

    7fbcc8195d53acf73441d1e6bf79cb30_NeikiAnalytics.exe

  • Size

    2.1MB

  • Sample

    240526-hjb48sbc46

  • MD5

    7fbcc8195d53acf73441d1e6bf79cb30

  • SHA1

    b025b67acfd2848552d333864cc95c7cd7c9a50e

  • SHA256

    1e359b8ba6b47afe269f753ebd5e91f081924e5de19c0501a1ed7bde14dba611

  • SHA512

    f5466951295d08b34f5a1ff1850fa5784e0063b0b9aad0e1a3367ecf99a834bb57f71b4f8333adffd955c47c37157050a7555aebda34a71e3aa6cc129ddc6f38

  • SSDEEP

    49152:vt3Ke0qS8OERVUYv3/dfCFzbq5mb/pHVNSIKb6ImzYtpExyQbxqNOS904:v5r0laVU9Fz+Mb/J7SIjIwYYxx0N64

Malware Config

Targets

    • Target

      7fbcc8195d53acf73441d1e6bf79cb30_NeikiAnalytics.exe

    • Size

      2.1MB

    • MD5

      7fbcc8195d53acf73441d1e6bf79cb30

    • SHA1

      b025b67acfd2848552d333864cc95c7cd7c9a50e

    • SHA256

      1e359b8ba6b47afe269f753ebd5e91f081924e5de19c0501a1ed7bde14dba611

    • SHA512

      f5466951295d08b34f5a1ff1850fa5784e0063b0b9aad0e1a3367ecf99a834bb57f71b4f8333adffd955c47c37157050a7555aebda34a71e3aa6cc129ddc6f38

    • SSDEEP

      49152:vt3Ke0qS8OERVUYv3/dfCFzbq5mb/pHVNSIKb6ImzYtpExyQbxqNOS904:v5r0laVU9Fz+Mb/J7SIjIwYYxx0N64

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects a file packed with ACProtect (signature for versions 1.3x to 1.4x). Packer signatures match byte patterns, and here this rule fires on the same file as the UPX rule, so treat both as packer indicators to confirm against the section table and section entropy rather than as a definitive identification.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data from the user's profile directory, such as saved credentials, cookies and autofill records.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Target

      chrome/content/dependencies.js

    • Size

      95KB

    • MD5

      68d0080273abe63d91702f8014716f1b

    • SHA1

      160bbbc4276b340cf16eaa0d4a422283354ee2b7

    • SHA256

      8b07de785fd3efcb71df0c104690d9ab6c798cb924a19238a11b7c836b05dc03

    • SHA512

      de0b0faae5d86b95dc31cec4d2391470acf4408d02d324c7d5533fc89c86c2ae3610bdff428e1d9150174685a9fee975281d93fc6a0d5558ea62c43a13dfd359

    • SSDEEP

      1536:knu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RU9:kdkWgoBhcZRQgmW42qk

    Score
    3/10
    • Target

      chrome/content/offermosquito.js

    • Size

      17KB

    • MD5

      161fb0b3b64e42e7a1d94c53100075c8

    • SHA1

      e08eed71ed13ed4326d88f4106a90b5895781e35

    • SHA256

      905f964c07881cb18cb1171a1bcf40edb0a14efbcb7383a9f89da1600a6522cb

    • SHA512

      308765407a3984b8b1138221430c39b6f8e8fa50541ef341f7e71d2c373d49f23ae8f3cfc9f48dde0a6b36100331870c61fec9931f5d2337cf0c8af562ad7a70

    • SSDEEP

      384:6/MNBrh5VrgGsdPAYwowKRd8MDzUX5g6/e:2MaeYwoFd8Mnu1m

    Score
    3/10
    • Target

      $LOCALAPPDATA/ext_offermosquito/OfferMosquitoIEPlaceholder.dll

    • Size

      149KB

    • MD5

      724b1f4d8c54cf0ba7f122aafb8e1179

    • SHA1

      7e835a75cde896ccaeb9de0c30ede6a071f17109

    • SHA256

      27ed1b48f3e59236eebb9c8cc9f0b3a3e8ad00fa5194baa529ba4d14e972d4fc

    • SHA512

      897779844847b51c87f8945d1c34868b3335bd090037ef99f230bbf6c4db3cbb48fc27d87d7ac6c52f8827ef15f09d94f157445a05a0faf399d7940812f6da51

    • SSDEEP

      1536:XpSE58JiZTcPX398A6lcW9oiHI1p2M/8ntvDQUMvx0vObEkltj:XX8J42icW9o9X9/Qt7QUwxwObEkTj

    Score
    6/10
    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins at startup. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and run inside the browser process, which makes them both a persistence mechanism and a position from which to read or alter browsing traffic.

    • Target

      $LOCALAPPDATA/ext_offermosquito/atl100.dll

    • Size

      134KB

    • MD5

      c85670ab64068f8080998aeba6c5019c

    • SHA1

      ef762c375486594f6604f39311d32442156ac8bb

    • SHA256

      87d88235f69c062e5b759f91253abaf7bd055937dd119bd26858237f812d3ded

    • SHA512

      870a27585f72e444fa9a2b46ab53ed420932952be8a3c4ddd0d831d72be0ac1b44992cf757de76d0cd667cd5b6150e9eb96ac2a8e7161a22c7d557946a12e5c6

    • SSDEEP

      3072:ZEi2/YxBFZNAWH6Gk5BsyGfGM8WzkAFoX:0OFZKWaj5BstfbZx8

    Score
    1/10
    • Target

      $LOCALAPPDATA/ext_offermosquito/msvcr100d.dll

    • Size

      1.4MB

    • MD5

      440e9fd9824b8e97d3ca2f34bd1bfbd1

    • SHA1

      6852b2c592b3794da114d6ac5ea9d083317bf5af

    • SHA256

      eddaa890ac6470692f76eee9586c06d727a1caf7a242170ab1a3947523927396

    • SHA512

      b458a0838159367727a63e417bba7c12b196f4d4af56703fe77ddcb2c28c3b6aab1d62335c513398f92c225f204e32b437fb49316b7c2b537c1cf877653c2ef8

    • SSDEEP

      24576:UTvHwBI4LZL5iuWJc9T5Gd3IxxGOESpXhR726u4yH9xQn9xHLfmLy4lEZu:2XDJc9+IxGMXR7IQ9VY

    Score
    3/10
    • Target

      $LOCALAPPDATA/ext_offermosquito/npOfferMosquitoIEHelper.dll

    • Size

      3.9MB

    • MD5

      db605337e5cacb043427d9a81d45afc4

    • SHA1

      6e4e78a148d8dacabafeeb8064727e081cd1cee2

    • SHA256

      d9cc48bd48c0e891c8ce445695a91a8841ea3dcea1c66b0ec74b4f69d89cd0d5

    • SHA512

      4920d293996c6562315ef01fd2b9c6d63de4352c949824e2e0e5268fe5d806de469e717305a436a6ba61bc3c8f5cc15d186059c413b03d0b6d5d6fa848b5d716

    • SSDEEP

      49152:2F0czGjHoNrzVMybgaV4VwARuUWsXOrIaIBjF+kwDQMeIa4BjF2lQEaNkFZAkFD:295Uv

    Score
    7/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      acc2b699edfea5bf5aae45aba3a41e96

    • SHA1

      d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    • SHA256

      168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    • SHA512

      e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

    • SSDEEP

      96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX

    Score
    3/10
    • Target

      $PLUGINSDIR/nsJSON.dll

    • Size

      7KB

    • MD5

      e273fac4ce13239f485dd944f48a70aa

    • SHA1

      9c8108686412e0b193775b26e34fba1074e1cb14

    • SHA256

      6c3d7dc2882b009ff4b617593af26edc43505f43db80bfa07fc138ee3600e3a5

    • SHA512

      f5f0fa0407a55faccc2da82534c8d4f5e267b7b14b1655ffb94a23f55019081a4b12dd7ed4a4339fb5427c3ab0f08531b1b11496f4daaacedbd2a6ec2f47831a

    • SSDEEP

      96:Z+KZ0x0OOdzJt0TwYKj7W/NYDNJk4az/qjnvOnuAjye8q6Cr9r7lcnrNQD2G:3/7vAmftE/65W8q6CtBcr+

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Target

      $PLUGINSDIR/nsisunz.dll

    • Size

      40KB

    • MD5

      5f13dbc378792f23e598079fc1e4422b

    • SHA1

      5813c05802f15930aa860b8363af2b58426c8adf

    • SHA256

      6e87ecb7f62039fbb6e7676422d1a5e75a32b90dde6865dcb68ee658ba8df61d

    • SHA512

      9270635a5294482f49e0292e26d45dd103b85fe27dc163d44531b095c5f9dbde6b904adaf1a888ba3c112a094380394713c796f5195b2566a20f00b42b6578e5

    • SSDEEP

      384:KExN66Yf2xL5Q4IsjuUjUZfqRDpImexpf88FwHxXvjX3hwlHt6oIfESxSHoOO8n9:O2x64GcVpI3xC8ynToIf1SIOhW4

    Score
    3/10
    • Target

      $PLUGINSDIR/replacebf.dll

    • Size

      22KB

    • MD5

      ce2901eee68d80fe56d76f0a3a07f274

    • SHA1

      8c79facd772ddc6177235382ad2ab9b2e58ac60f

    • SHA256

      1fbf6e96fa1c9f54a24a9919880c89621b7b2706d98bbf03ad44c607dad36386

    • SHA512

      3bba1dd15c6cbca2ef8d44d0e9bed2c40e685fff288787b64c0ae76c2125a255d8e35075971a171d2b92a0eec289eb044ea7a18b00804a824d8253aa0c2cb6ab

    • SSDEEP

      384:ufP3TWY81aR5Y41nDj84gL9IB0nRAKAxDUpd4a6TMKSUXekOC:/cnS85N1UpTKSUh

    Score
    3/10
    • Target

      $PLUGINSDIR/sqlite3.dll

    • Size

      421KB

    • MD5

      dd566cbc8569268a51bb85b6f78d5fb3

    • SHA1

      729962770ad4af303e13f19466ac7724efaa9d8b

    • SHA256

      e27012bcde7f4acb5942620cda4ad56ffddf91e747b17477606fc1eb6d8d5820

    • SHA512

      0bfe78e99431e4a0d987201cfe8bd1707b22cee8904ef51ca822458cb937c95d314192f56c7ee233055309dc98170b78e6fd60204ddd46970e2c026c9a20f6e2

    • SSDEEP

      12288:DEHRHVHY7xnRdWb4TKNoemRhb8ecxN3Eh:DGnY7xnRmMRhb8LxN3Eh

    Score
    3/10
    • Target

      $PLUGINSDIR/userid.dll

    • Size

      14KB

    • MD5

      7edcf09fff892acfa195ca949290083a

    • SHA1

      f1b1ca3f4275382135d44800294a7916d28075e1

    • SHA256

      74b4d4d05593eb9f0e917f57097c4238e9e29291572d0c1d6f210b266759bdc7

    • SHA512

      eb0259d583f8fdb2131917cef2fff0461def89a943bba788530ee1d8fe562b635e095365bd57df169ee9bcb6421feba66b82f6ceccfbea5d7bb6b01009943769

    • SSDEEP

      192:7vscbCEX33AvJuHRsvqtHEOE5jMcIR0RKkDe49Z6Yq1e8V6hPnD+eoff:LzHmFvqtIZMpREtq49IYQe86hWX

    Score
    3/10
    • Target

      dependencies.js

    • Size

      95KB

    • MD5

      68d0080273abe63d91702f8014716f1b

    • SHA1

      160bbbc4276b340cf16eaa0d4a422283354ee2b7

    • SHA256

      8b07de785fd3efcb71df0c104690d9ab6c798cb924a19238a11b7c836b05dc03

    • SHA512

      de0b0faae5d86b95dc31cec4d2391470acf4408d02d324c7d5533fc89c86c2ae3610bdff428e1d9150174685a9fee975281d93fc6a0d5558ea62c43a13dfd359

    • SSDEEP

      1536:knu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RU9:kdkWgoBhcZRQgmW42qk

    Score
    3/10
    • Target

      events.js

    • Size

      799B

    • MD5

      f67c59f8d0a8d746575a8d9aa574cef1

    • SHA1

      09a3791131aeb48402ef1be41c634fa50013f1f1

    • SHA256

      aa26604dbfa57b8b1801dfc55ed7d4bf182a8b6c4f63773c97b03ff27b9b6742

    • SHA512

      c13522e3610fba718c51cb1691f62586128861e7a5d210945cc530d07462dfce6a954ac9ff15d12c3ffe873b188a1a53bee6d3e88be2845642874bc9dc83f069

    Score
    3/10
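
The "UPX packed file" signature reported above keys on packer markers in the PE header. As an added example that is not part of the sandbox report or of any code it describes, the Python below walks the PE section table with only the standard library, flags the UPX0/UPX1/UPX2 section names that stock UPX writes, and measures per-section entropy so that a modified UPX build which renames its sections still stands out as a near-empty first section followed by a dense one. The build_pe helper and the two sample images are constructed inputs, not files from this report.

```python
"""Added example (not part of the sandbox report or the UPX project): a
standard-library PE section walker that reproduces the check behind the
'UPX packed file' signature and adds section entropy, because a modified
UPX build can rename its sections but cannot hide the compressed data."""
import math
import struct

# Section names written by stock UPX.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(blob: bytes):
    """Yield (name, raw_offset, raw_size) for every section-table entry."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", blob, coff + 2)[0]
    opt_size = struct.unpack_from("<H", blob, coff + 16)[0]
    table = coff + 20 + opt_size          # section table follows the optional header
    for i in range(num_sections):
        entry = table + i * 40
        name = blob[entry:entry + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, entry + 16)
        yield name, raw_ptr, raw_size


def upx_verdict(blob: bytes, entropy_threshold: float = 7.0) -> dict:
    """Name-based UPX verdict plus the entropy evidence an analyst confirms it with."""
    names, hot = [], []
    for name, ptr, size in pe_sections(blob):
        names.append(name)
        if shannon_entropy(blob[ptr:ptr + size]) >= entropy_threshold:
            hot.append(name)
    upx_names = [n for n in names if n in UPX_SECTION_NAMES]
    return {"sections": names, "upx_names": upx_names,
            "high_entropy": hot, "packed": bool(upx_names)}


def build_pe(sections) -> bytes:
    """Constructed test input: a header-only PE32 image carrying the given
    (name, payload) sections. It parses like a real file but is not loadable."""
    opt = struct.pack("<H", 0x10B) + b"\0" * 222        # PE32 magic, rest zeroed
    n = len(sections)
    raw_ptr = 64 + 4 + 20 + len(opt) + 40 * n          # raw data starts after the table
    table, data = [], b""
    for name, payload in sections:
        table.append(name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(payload), 0x1000, len(payload), raw_ptr, 0, 0, 0, 0, 0x60000020))
        data += payload
        raw_ptr += len(payload)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)    # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, len(opt), 0x0102)
    return dos + b"PE\0\0" + coff + opt + b"".join(table) + data


# Constructed samples: a UPX layout (empty UPX0, dense UPX1) and a plain image.
PACKED_SAMPLE = build_pe([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 4), (b".rsrc", b"A" * 256)])
PLAIN_SAMPLE = build_pe([(b".text", b"\x90" * 512), (b".data", b"hello\0" * 40)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_verdict(blob))
```

Run it against the dropped files listed above by passing their bytes to upx_verdict; a file that scores "packed" by name is a quick win, while a file with no UPX names but a near-empty first section and a high-entropy second one deserves a manual look, since renaming sections is the cheapest change a modified packer makes.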

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

spyware stealer upx
Score
7/10

behavioral2

spyware stealer upx
Score
7/10

behavioral3

execution
Score
3/10

behavioral4

execution
Score
3/10

behavioral5

execution
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

adware stealer
Score
6/10

behavioral8

adware stealer
Score
6/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

persistence
Score
7/10

behavioral14

persistence
Score
7/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

upx
Score
7/10

behavioral20

upx
Score
7/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
1/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
1/10

behavioral28

Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10
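
The persistence-tagged tasks above correspond to the "Installs/modifies Browser Helper Object" signature on OfferMosquitoIEPlaceholder.dll, which the report shows written under $LOCALAPPDATA. As an added example that is not part of the report, the Python below audits a reg export of the BHO key and the CLSID\InprocServer32 entries offline and flags BHO DLLs that resolve to user-writable locations such as %LOCALAPPDATA%, or whose CLSID resolves to nothing at all. The .reg text, the CLSIDs and the user name are constructed; only the dropped DLL's filename comes from the report.

```python
"""Added example (not from the sandbox report): offline audit of Browser Helper
Object registrations taken from `reg export`, flagging BHO DLLs that resolve to
user-writable paths such as %LOCALAPPDATA%."""
import re

# Internet Explorer enumerates BHO CLSIDs under this key (plus the Wow6432Node
# mirror on 64-bit hosts); each CLSID resolves to a DLL via InprocServer32.
BHO_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows\\"
    r"CurrentVersion\\Explorer\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
INPROC_RE = re.compile(
    r"^\[HKEY_(?:CLASSES_ROOT|LOCAL_MACHINE\\SOFTWARE\\Classes)\\(?:Wow6432Node\\)?"
    r"CLSID\\(\{[0-9A-Fa-f-]+\})\\InprocServer32\]$")
# Path fragments a standard user can write to: a BHO DLL living here can be
# replaced by any process running as that user, with no admin rights needed.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\",
                 "\\users\\public\\", "\\programdata\\")


def _unescape(value: str) -> str:
    """Undo .reg string escaping (backslashes and quotes are doubled)."""
    return value.replace('\\\\', '\\').replace('\\"', '"')


def parse_reg_export(text: str):
    """Return ({clsid: [registration keys]}, {clsid: dll_path}) from .reg text."""
    bhos, servers, current_clsid = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):                    # a new key starts
            current_clsid = None
            m = BHO_KEY_RE.match(line)
            if m:
                bhos.setdefault(m.group(1).upper(), []).append(line[1:-1])
                continue
            m = INPROC_RE.match(line)
            if m:
                current_clsid = m.group(1).upper()
            continue
        if current_clsid and line.startswith('@="') and line.endswith('"'):
            servers[current_clsid] = _unescape(line[3:-1])   # default value = DLL path
    return bhos, servers


def audit_bhos(text: str) -> list:
    """One finding per registered BHO; suspicious when the DLL sits in a
    user-writable path or the CLSID has no InprocServer32 to resolve."""
    bhos, servers = parse_reg_export(text)
    findings = []
    for clsid, keys in sorted(bhos.items()):
        dll = servers.get(clsid)
        if dll is None:
            reason = "no InprocServer32 found for CLSID (unresolvable or registered elsewhere)"
        elif any(frag in dll.lower() for frag in USER_WRITABLE):
            reason = "BHO DLL under a user-writable path"
        else:
            reason = ""
        findings.append({"clsid": clsid, "dll": dll, "registered_at": keys,
                         "suspicious": bool(reason), "reason": reason})
    return findings


# Constructed sample of what `reg export` of the BHO and CLSID keys could look
# like on an infected host. CLSIDs and the user name are made up; the DLL name
# under AppData\Local is the dropped file named in the report.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1B2C3D4-0000-4000-8000-000000000001}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2C3D4E5-0000-4000-8000-000000000002}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3D4E5F6-0000-4000-8000-000000000003}]

[HKEY_CLASSES_ROOT\CLSID\{A1B2C3D4-0000-4000-8000-000000000001}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Local\\ext_offermosquito\\OfferMosquitoIEPlaceholder.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{B2C3D4E5-0000-4000-8000-000000000002}\InprocServer32]
@="C:\\Program Files\\Vendor\\helper.dll"
"ThreadingModel"="Apartment"
"""

if __name__ == "__main__":
    for f in audit_bhos(SAMPLE_REG):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['clsid']} -> {f['dll']}  {f['reason']}")
```

On a live host the input comes from reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" bho.reg and reg export HKCR\CLSID clsid.reg (repeat for the Wow6432Node keys on 64-bit systems); reg export writes UTF-16, so open the files with encoding="utf-16" and pass their concatenation to audit_bhos. Hash any flagged DLL and compare it with the SHA256 values listed above before removing the registration.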