General

  • Target

    19d1d1313c95384f05660b3fb5cccec0NeikiAnalytics.exe

  • Size

    487KB

  • Sample

    240527-zlvsssag53

  • MD5

    19d1d1313c95384f05660b3fb5cccec0

  • SHA1

    17e493efe98a88eaa9854900174597150bcc37ef

  • SHA256

    86796d74f7506c9189f16d8019d4b3a995c5d71fb3470f8a5f8bb2568f8a66dd

  • SHA512

    4adde69dee87fdb912716d1cce08a0f8a6efcb293f0644420451fb3f7f81df765cf8f1c4392c2f03e6679fa3614c536cf645b36616f24ce289951369d29506e6

  • SSDEEP

    6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVj:n3C9ytvngQjgtvngSV3CPobNVj

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

MITRE ATT&CK Matrix

Tasks