General
-
Target
19df4a6e35fc54bd0afb078f875b9690_NeikiAnalytics.exe
-
Size
691KB
-
Sample
240526-wdqmbsfc79
-
MD5
19df4a6e35fc54bd0afb078f875b9690
-
SHA1
3d22765346d1eba931a490082f36c90136018c05
-
SHA256
74c4d6a99f78d9829a76d6c59656f76c6e8a0087baab2a1395d31f4b6522b27e
-
SHA512
d1723e3c48d3f8c5a4023dfd22e1f120af5648021aeebd9c1425d0319e87c1decf62d77d3c299da9932a22009af2d8f45356136d2e679ca8c281b6efb40ce273
-
SSDEEP
12288:MWOTNXc3RounBAFnSS2/5hDiE+Xd3OWsN8/uOC5Ix8L+DLXsX9CpCB2:L3auBqSSSrDTm3WerC5W8ssf2
Static task
static1
Behavioral task
behavioral1
Sample
19df4a6e35fc54bd0afb078f875b9690_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Extracted
formbook
4.1
bp31
hp68b.top
rajawali99pkv.com
cisseoriginals.com
pedchain.com
affibook.com
nudtnrg.com
lems.cloud
tipozaa.store
theamalliance.com
massalit.com
houysdegsesag.top
eseventplanning.com
wxt82.xyz
supportonlineinfo.online
genee.store
nohu247.pro
cartx.store
acomunicacaorestaura.store
249b871ab7d2.info
surantools.com
funlazio.info
lynktag.com
turdfi.xyz
libgeninfo.com
smartagriafrica.info
nikkisellshouses2.com
natsellsatl.com
pg607.fun
kathinationindia.com
chonggonzalez.com
civitai.zone
unlimitednews.online
originswinery.com
byspektra.com
holisticstar.net
5vwl4z8.xyz
mx004.com
annuaire-brocante.com
getmangarock.com
my-chemicals.online
httpsaquexis.com
mavisnakliye.xyz
hemayah.live
lajtuf.com
soulguardgaming.com
hateyaocoeur.com
zloomux.com
haglove.stream
buybom.store
freeamateurzone.com
extremetechnology.shop
rabbitmobiles.com
myfertilitycoachuk.com
ledbrightled.com
blurwing.com
iptv-store.store
creditevangelists.com
zuwiz.com
gcgds.com
jumperspoods.com
lovletterstolife.store
socialpraises.net
bronessbros.com
souqshopper.com
kilid102.cloud
Targets
-
-
Target
19df4a6e35fc54bd0afb078f875b9690_NeikiAnalytics.exe
-
Size
691KB
-
MD5
19df4a6e35fc54bd0afb078f875b9690
-
SHA1
3d22765346d1eba931a490082f36c90136018c05
-
SHA256
74c4d6a99f78d9829a76d6c59656f76c6e8a0087baab2a1395d31f4b6522b27e
-
SHA512
d1723e3c48d3f8c5a4023dfd22e1f120af5648021aeebd9c1425d0319e87c1decf62d77d3c299da9932a22009af2d8f45356136d2e679ca8c281b6efb40ce273
-
SSDEEP
12288:MWOTNXc3RounBAFnSS2/5hDiE+Xd3OWsN8/uOC5Ix8L+DLXsX9CpCB2:L3auBqSSSrDTm3WerC5W8ssf2
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-