General
-
Target
1d3d46a98a07953edd6a3193a3103110NeikiAnalytics.exe
-
Size
6.0MB
-
Sample
240527-1f8cdaah4z
-
MD5
1d3d46a98a07953edd6a3193a3103110
-
SHA1
c8247de31cbd2b590a04326519bfc2465849c72a
-
SHA256
a45f5873f84036119aef8311c16bed0c6a3883cd3ad6d01c96283530cecba4de
-
SHA512
6d1160c6c4adfc1937ee660e13a3bfdae57a474aa509c423ec38377b08f51983e1cb672c21d3dead37a4e9986b0fd8e8b0b2067c8865272ef13973404064e5cb
-
SSDEEP
98304:ebWEtdFBg+0amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RRBMIOg3Ofs4T:ebVFheN/FJMIDJf0gsAGK4RRuIb4T
Behavioral task
behavioral1
Sample
1d3d46a98a07953edd6a3193a3103110NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
1d3d46a98a07953edd6a3193a3103110NeikiAnalytics.exe
-
Size
6.0MB
-
MD5
1d3d46a98a07953edd6a3193a3103110
-
SHA1
c8247de31cbd2b590a04326519bfc2465849c72a
-
SHA256
a45f5873f84036119aef8311c16bed0c6a3883cd3ad6d01c96283530cecba4de
-
SHA512
6d1160c6c4adfc1937ee660e13a3bfdae57a474aa509c423ec38377b08f51983e1cb672c21d3dead37a4e9986b0fd8e8b0b2067c8865272ef13973404064e5cb
-
SSDEEP
98304:ebWEtdFBg+0amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RRBMIOg3Ofs4T:ebVFheN/FJMIDJf0gsAGK4RRuIb4T
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-