General

  • Target

    2333396bcad13b6638bf2f8c349c26ba52deb293a223c2c695624b9711e6d1ecNeikiAnalytics

  • Size

    6.9MB

  • Sample

    240527-2qfwjscg6x

  • MD5

    ea33308f83df7eb537284b21d3e81834

  • SHA1

    d416f1b86b58d3f69aa25defafbe590c6293a4e1

  • SHA256

    2333396bcad13b6638bf2f8c349c26ba52deb293a223c2c695624b9711e6d1ec

  • SHA512

    98a99d9783ecb21d1843f861a9e19d6db847517f97d1da73a9a2bab9d8b0271f710da209dfb8275abce7689d5ebd7d0da8af12ef51cf7e9b7fdc3695ab2eff4a

  • SSDEEP

    196608:wr+R0+aeNTfm/pf+xk4dWRGtrbWOjgWy3:dy/pWu4kRGtrbvMWy3

Targets

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15