cd57a48e9e6d67f6ea0668d115ea9f23a547c6205b4a93cd330871e4085e2253 | Triage

Sharing

General

Target

22678bcd0d3d418516e35ea58144d780_NeikiAnalytics.exe
Size

3.1MB
Sample

240527-g4k27sbf67
MD5

22678bcd0d3d418516e35ea58144d780
SHA1

6c5af9f1fb1eb3cf3b733150d18547ea8eac5d07
SHA256

cd57a48e9e6d67f6ea0668d115ea9f23a547c6205b4a93cd330871e4085e2253
SHA512

6542ba452a3cbe249d4643adff4987a57d7844a71a739975b63772df95cdc8c10a39611184a68112d9814af8ecf1a2244ab318fa9d5d1000bebbc4ec56e099bb
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBUB/bSqz8:sxX7QnxrloE5dpUp3bVz8

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  22678bcd0d3d418516e35ea58144d780_NeikiAnalytics.exe
- Size
  
  3.1MB
- MD5
  
  22678bcd0d3d418516e35ea58144d780
- SHA1
  
  6c5af9f1fb1eb3cf3b733150d18547ea8eac5d07
- SHA256
  
  cd57a48e9e6d67f6ea0668d115ea9f23a547c6205b4a93cd330871e4085e2253
- SHA512
  
  6542ba452a3cbe249d4643adff4987a57d7844a71a739975b63772df95cdc8c10a39611184a68112d9814af8ecf1a2244ab318fa9d5d1000bebbc4ec56e099bb
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBUB/bSqz8:sxX7QnxrloE5dpUp3bVz8
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer