General
Target: 29790a3dca5fdc1a5ba7281541fb1f30_NeikiAnalytics.exe
Size: 326KB
Sample: 240528-aygdhafh5w
MD5: 29790a3dca5fdc1a5ba7281541fb1f30
SHA1: 8f54b5aa0c46a63f8a776de982da5de0bf4af6c3
SHA256: efe7c51a6065aa24baf2f33ea287a3f8ab342d4f7e42ed312cc4ae4f6b0b6db9
SHA512: 8a397544eadb2b92255d5a08737cdabf3cd14acb816a1a0065e040a50ac2101aed227d9b3ab45501354944d7381eb591f5a3914ea09e614c479218d5c3740169
SSDEEP: 3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Behavioral task: behavioral1
Sample: 29790a3dca5fdc1a5ba7281541fb1f30_NeikiAnalytics.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 29790a3dca5fdc1a5ba7281541fb1f30_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 29790a3dca5fdc1a5ba7281541fb1f30_NeikiAnalytics.exe (size and hashes identical to the General section above)
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
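Three of the behaviours above (Executes dropped EXE, Loads dropped DLL, Adds Run key to start application) are visible in ordinary Sysmon telemetry if file writes are correlated with what later runs. The following is an added example, not part of the sandbox report and not code from the ModiLoader/DBatLoader analysis: it walks Sysmon-style records in order, remembers which process wrote each file (Event ID 11), and flags later execution (Event ID 1), image load (Event ID 7) or Run/RunOnce registration (Event ID 13) of those dropped files. The event records, the payload and DLL names and the SID are constructed for illustration; only the sample's own filename comes from the report. Reads of the registry country code and SetThreadContext calls are not covered, because Sysmon does not log registry reads or thread-context changes.

```python
"""Correlate Sysmon-style events for three behaviours in the report:
'Executes dropped EXE', 'Loads dropped DLL', 'Adds Run key to start application'.
Added example; all records below are constructed, not real telemetry."""
import re
from typing import Iterable

# HKCU / HKLM / HKU\<SID> Run and RunOnce keys, including the 32-bit view.
RUN_KEY_RE = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
# First Windows path with an executable-style extension inside a registry value.
PATH_IN_VALUE_RE = re.compile(
    r'([A-Za-z]:\\[^"|<>*?]+?\.(?:exe|dll|bat|cmd|vbs|js|ps1))', re.IGNORECASE
)


def _norm(path: str) -> str:
    """Case-insensitive, quote-stripped path key for dictionary lookups."""
    return path.strip().strip('"').lower()


def triage(events: Iterable[dict]) -> list[dict]:
    """Return one finding per use of a file that an earlier event created."""
    dropped: dict[str, str] = {}  # normalised path -> image of the writing process
    findings: list[dict] = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:  # FileCreate: remember who dropped the file
            dropped[_norm(ev["TargetFilename"])] = ev["Image"]
        elif eid == 1:  # ProcessCreate of a file dropped earlier
            img = _norm(ev["Image"])
            if img in dropped:
                findings.append({"behaviour": "executes_dropped_exe", "path": ev["Image"],
                                 "dropper": dropped[img], "parent": ev["ParentImage"]})
        elif eid == 7:  # ImageLoad of a DLL dropped earlier
            lib = _norm(ev["ImageLoaded"])
            if lib in dropped:
                findings.append({"behaviour": "loads_dropped_dll", "path": ev["ImageLoaded"],
                                 "dropper": dropped[lib], "loader": ev["Image"]})
        elif eid == 13 and RUN_KEY_RE.match(ev["TargetObject"]):  # Value Set under Run
            m = PATH_IN_VALUE_RE.search(ev["Details"])
            target = m.group(1) if m else ev["Details"]
            findings.append({"behaviour": "run_key_persistence", "key": ev["TargetObject"],
                             "path": target, "dropped": _norm(target) in dropped,
                             "writer": ev["Image"]})
    return findings


# Constructed records. Only SAMPLE's filename comes from the report; the payload,
# DLL and SID are invented for the example.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\29790a3dca5fdc1a5ba7281541fb1f30_NeikiAnalytics.exe"
PAYLOAD = r"C:\Users\Admin\AppData\Roaming\Payload.exe"      # constructed name
HELPER_DLL = r"C:\Users\Admin\AppData\Roaming\helper.dll"    # constructed name
RUN_KEY = (r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
           r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater")

CONSTRUCTED_EVENTS = [
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": PAYLOAD},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": HELPER_DLL},
    {"EventID": 1, "Image": PAYLOAD, "ParentImage": SAMPLE, "CommandLine": f'"{PAYLOAD}"'},
    {"EventID": 7, "Image": PAYLOAD, "ImageLoaded": HELPER_DLL},
    {"EventID": 13, "Image": PAYLOAD, "TargetObject": RUN_KEY, "Details": f'"{PAYLOAD}"'},
    # benign control: a system DLL loaded by explorer.exe was never "dropped"
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for finding in triage(CONSTRUCTED_EVENTS):
        print(finding)
```

The correlation keys on the full path, so a loader that drops under one name and copies under another before running it would need Event ID 11 records for both writes; on real hosts, feed the function events sorted by UtcTime so creates precede their uses.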