General

  • Target

    b4bce32962a80436644e7a6a25abef80_NeikiAnalytics.exe

  • Size

    5.8MB

  • Sample

    240526-xd65ragg22

  • MD5

    b4bce32962a80436644e7a6a25abef80

  • SHA1

    86b61f3a4d7356fe9ffbbab115f92f51baa61e9e

  • SHA256

    46c67cc380587adf6544ed8912b1abc2e3e668a63fcc293540d4c4141f6370fa

  • SHA512

    d139661dc78673507d97a8611ace342ebd681e5cfe91a527e1650570eae3affa179f8e9a5bf7e9b7533e40fd86bfe0ca43fdeaabcc73cadcd630e46406c36e26

  • SSDEEP

    98304:xIFj3UCF9ZHfRjorQkoCNbU/KHND09Vp/gv+KMTTYLyNmyWdS9vNA:xIF/ZZkNb4EJUULyN7WovN

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks