b13d5e8fe2f0375abf3195c21d85158ba643ca6e72bdf784097b1f2e6846f0d3 | Triage

Sharing

General

Target

23f2361b4db73539e974987b304b1160_NeikiAnalytics.exe
Size

3.6MB
Sample

240527-hvfa2acg47
MD5

23f2361b4db73539e974987b304b1160
SHA1

9326925ce8a4c2e4c1283e905847412405ffe22f
SHA256

b13d5e8fe2f0375abf3195c21d85158ba643ca6e72bdf784097b1f2e6846f0d3
SHA512

f2f27419bffa66df3b619c0cd4f1d0616c6bfa0858b01a41a00c81ee4c6bcbf87ef413b22ccc951b18e108a5b1081b3f9537eb2b9235f518c4bedad300004ad0
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBRB/bSqz8:sxX7QnxrloE5dpUp2bVz8

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  23f2361b4db73539e974987b304b1160_NeikiAnalytics.exe
- Size
  
  3.6MB
- MD5
  
  23f2361b4db73539e974987b304b1160
- SHA1
  
  9326925ce8a4c2e4c1283e905847412405ffe22f
- SHA256
  
  b13d5e8fe2f0375abf3195c21d85158ba643ca6e72bdf784097b1f2e6846f0d3
- SHA512
  
  f2f27419bffa66df3b619c0cd4f1d0616c6bfa0858b01a41a00c81ee4c6bcbf87ef413b22ccc951b18e108a5b1081b3f9537eb2b9235f518c4bedad300004ad0
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBRB/bSqz8:sxX7QnxrloE5dpUp2bVz8
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer