General
Target: 429dc93cd9b10313fa81659ff7ef5000_NeikiAnalytics.exe
Size: 7.6MB
Sample: 240528-n3g3gsag4x
MD5: 429dc93cd9b10313fa81659ff7ef5000
SHA1: 9322e9f1c9547a76382e365d8baf40a5025df5e2
SHA256: 0f4074972e6d49a894593e0cdb3f58750d59c2e026cf84ed63a4fa1d3176e921
SHA512: 8c948d811676f150c8f137494730296caddf85abae0430b5c726646cbbdfc507afbf5b4f90c4de259f3aeb742cae6d3e94eac8c44532bd654516546eae51284f
SSDEEP: 196608:p2RJF0gOjmFQR4MVGFtwLPfXCCnL2hVcp:YOPKtM5LPfyCGcp
Behavioral task: behavioral1
Sample: 429dc93cd9b10313fa81659ff7ef5000_NeikiAnalytics.exe
Resource: win7-20231129-en

Malware Config
Targets
Target: 429dc93cd9b10313fa81659ff7ef5000_NeikiAnalytics.exe
Size: 7.6MB
MD5: 429dc93cd9b10313fa81659ff7ef5000
SHA1: 9322e9f1c9547a76382e365d8baf40a5025df5e2
SHA256: 0f4074972e6d49a894593e0cdb3f58750d59c2e026cf84ed63a4fa1d3176e921
SHA512: 8c948d811676f150c8f137494730296caddf85abae0430b5c726646cbbdfc507afbf5b4f90c4de259f3aeb742cae6d3e94eac8c44532bd654516546eae51284f
SSDEEP: 196608:p2RJF0gOjmFQR4MVGFtwLPfXCCnL2hVcp:YOPKtM5LPfyCGcp

- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.