58fe782d9fee684e127a26e92a196a8da58b18389ca155e06ec178fc904acecc | Triage

Sharing

General

Target

0242f400cd72d0e6a96cd0d5ae5ab300_NeikiAnalytics.exe
Size

2.6MB
Sample

240526-z242eadb59
MD5

0242f400cd72d0e6a96cd0d5ae5ab300
SHA1

81956b6d0677bd5592de6a5a51c49443dc3250a0
SHA256

58fe782d9fee684e127a26e92a196a8da58b18389ca155e06ec178fc904acecc
SHA512

ad71e29f1a3a8f651dfc8d8e6d4070c3ee1d2515bfed80a20b853e6b64e6a5855359a8754a44d538e4801345c90d311fa2fede8bb9ff9f24d40a597f5c21f577
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBCB/bS:sxX7QnxrloE5dpUphb

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  0242f400cd72d0e6a96cd0d5ae5ab300_NeikiAnalytics.exe
- Size
  
  2.6MB
- MD5
  
  0242f400cd72d0e6a96cd0d5ae5ab300
- SHA1
  
  81956b6d0677bd5592de6a5a51c49443dc3250a0
- SHA256
  
  58fe782d9fee684e127a26e92a196a8da58b18389ca155e06ec178fc904acecc
- SHA512
  
  ad71e29f1a3a8f651dfc8d8e6d4070c3ee1d2515bfed80a20b853e6b64e6a5855359a8754a44d538e4801345c90d311fa2fede8bb9ff9f24d40a597f5c21f577
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBCB/bS:sxX7QnxrloE5dpUphb
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer